Marco Giuliani of Prevx has stated that no malware is currently exploiting this flaw, but also warned that it would be "very soon" before malware authors begin exploiting the vulnerability.
The API in which the vulnerability is located does not correctly validate input, resulting in stack overflow. This means that an attacker could control the destination of the "overwritten return address" and in essence execute their code with kernel mode privileges. Since this exploits user elevation, it bypasses UAC and leaves Vista and 7 vulnerable. This is specifically important due to the fact that UAC was originally implemented to prevent unauthorized privilege elevation.
New Windows vulnerability bypasses UAC
Posted on Thursday, November 25 2010 @ 17:37 CET by Thomas De Maesschalck