This vulnerability uses a two-step attack vector against a default installation of Windows Vista. Initially, a malicious software program can be downloaded and run without elevation, and this downloaded program, called the proxy infection tool, can behave as expected while it sets up the second-level malicious payload. For instance, if users believe they are downloading a "Pac-Man" clone, such a game could run normally while the malicious software did its work in the background. Once the seemingly harmless software is up and running, it duplicates and replaces shortcuts to unsigned programs in the user's personal Start menu folder (as opposed to the universal Start menu folder, which cannot be modified without UAC elevation). Then, the next time the user attempts to run a program whose shortcut has been modified, he is confronted with a seemingly normal UAC elevation window, and the duplicated shortcut runs both the intended program and a piece of malware of the virus writer's choice.
eWeek asked Microsoft for a response, and the company didn't seem too worried, pointing out that the aforementioned exploit does require a user to download a malicious executable in order to be infected with the initial Trojan horse—either through social engineering or some other means.
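The attack above leaves a detectable footprint: a shortcut in the per-user Start menu whose target or arguments no longer match what the installer put there. The following PowerShell audit is an added example for defenders, not code from the eWeek article or from Microsoft. It assumes Windows PowerShell with the `WScript.Shell` COM object available, reads the per-user and all-users Start menu locations from the environment, and flags per-user shortcuts that point at a command launcher with arguments, at a user-writable location, at an unsigned binary, or at a different target than the same-named shortcut in the protected all-users folder.

```powershell
# Added example (not from the article): audit per-user Start Menu shortcuts for the
# duplicate-and-replace pattern described above. Assumes the WScript.Shell COM object
# and the .NET Environment.SpecialFolder values StartMenu / CommonStartMenu.

function Get-ShortcutInfo {
    param([string]$LnkPath)
    $shell = New-Object -ComObject WScript.Shell
    $lnk = $shell.CreateShortcut($LnkPath)
    [pscustomobject]@{
        Path      = $LnkPath
        Name      = [IO.Path]::GetFileName($LnkPath)
        Target    = $lnk.TargetPath
        Arguments = $lnk.Arguments
    }
}

function Test-UserWritablePath {
    param([string]$Path)
    if (-not $Path) { return $false }
    # Locations a standard (non-elevated) user can write to; a target here means the
    # program could have been dropped without any UAC prompt.
    $writable = @($env:USERPROFILE, $env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }
    foreach ($w in $writable) {
        if ($Path.StartsWith($w, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Find-SuspiciousStartMenuShortcuts {
    $userMenu   = [Environment]::GetFolderPath('StartMenu')        # per-user, user-writable
    $commonMenu = [Environment]::GetFolderPath('CommonStartMenu')  # all users, needs elevation

    # Index the protected all-users shortcuts by file name so per-user copies can be compared.
    $common = @{}
    Get-ChildItem -Path $commonMenu -Recurse -Filter *.lnk -ErrorAction SilentlyContinue |
        ForEach-Object { $info = Get-ShortcutInfo $_.FullName; $common[$info.Name] = $info }

    # Launchers commonly used to run "the real program plus something else" from one shortcut.
    $launchers = 'cmd.exe', 'powershell.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe', 'rundll32.exe'

    Get-ChildItem -Path $userMenu -Recurse -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
        $info = Get-ShortcutInfo $_.FullName
        $reasons = @()

        $exe = if ($info.Target) { [IO.Path]::GetFileName($info.Target).ToLower() } else { '' }
        if ($launchers -contains $exe -and $info.Arguments) {
            $reasons += "target is a command/script launcher with arguments: $($info.Arguments)"
        }
        if (Test-UserWritablePath $info.Target) {
            $reasons += "target lives in a user-writable location"
        }
        if ($info.Target -and (Test-Path -LiteralPath $info.Target)) {
            $sig = Get-AuthenticodeSignature -FilePath $info.Target
            if ($sig.Status -ne 'Valid') { $reasons += "target is not validly signed ($($sig.Status))" }
        }
        if ($common.ContainsKey($info.Name) -and $common[$info.Name].Target -ne $info.Target) {
            $reasons += "same name as all-users shortcut but different target: $($common[$info.Name].Target)"
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Shortcut = $info.Path; Target = $info.Target; Reasons = ($reasons -join '; ') }
        }
    }
}

# Usage: run as the user whose profile is being checked; review every flagged entry by hand.
Find-SuspiciousStartMenuShortcuts | Format-List
```

The comparison against the all-users folder is the most specific check, because the attack described here can only write to the per-user folder; a per-user shortcut that shadows a protected one with a different target is exactly the duplicate-and-replace footprint. The signature check mirrors the article's observation that unsigned programs are the ones targeted, since an unsigned target gives the user no publisher name in the UAC prompt to notice a change.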