This is an interesting post regarding a Windows 7 vulnerability that has remained unpatched for quite a while now. In 2009, security researcher Long Zheng disclosed a UAC vulnerability that makes it possible to install software on the target system without user interaction.
Two years have passed and this UAC vulnerability has not been dealt with. One of the reasons may be the fact that “Zheng’s vulnerability is only valid for protected administrator accounts with default UAC settings”.
The post also describes a different vulnerability that concerns privilege elevation:
“The method of elevation is an architectural issue. Elevated processes must be protected at the kernel level. Currently, at least as far as we are aware, PowerBroker Desktop is the only product on the market that deal with this type of threat,”
The complete article can be found here: http://www.thetechherald.com/article.php/201107/6830/RSAC-2011-Windows-7-vulnerabilities-show-need-for-kernel-control