Symantec has analyzed the User Account Control in Windows Vista and has presented the verdict. Do not trust UAC prompts. In this regard, Symantec has also provided an example of how the User Account Control can be abused in order to fool the user in elevating a malicious process. At the basis of this is the fact that the UAC does not provide a security boundary or direct protection, but only a chance for the user to verify an action before allowing it to take place.
“The issue I discovered was that the binary RunLegacyCPLElevated.exe, [which] is designed to provide backward compatibility by allowing legacy Windows Control Panel plug-ins to run with full administrative privileges. What’s the drama? I hear you say. The problem stems from the fact that RunLegacyCPLElevated.exe takes as one of its parameters an arbitrary DLL with a particular export. The DLL has to export the CPlApplet function, which is then called with a number of different parameters depending on the action being performed,” explained Ollie Whitehouse, Symantec Security Response Researcher.