So the scenario would be:
• The user gets infected by malicious code running as a restricted user; a Trojan or an exploit are two likely vectors
• This malicious code drops a malicious CPL file to disk in a location that the restricted user can write to
• The malicious code then calls RunLegacyCPLElevated.exe with the malicious CPL as a parameter
• The user is presented with a UAC prompt that claims that Microsoft Windows, not a third-party application, needs to elevate permissions
• The user authorizes and the malicious code obtains administrative privileges
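
A defender can look for the fourth step of this scenario in process-creation telemetry. The following is an added detection sketch, not code from the original page; the record field names (`user`, `image`, `command_line`), the trusted-directory list, and the sample paths are assumptions made for the example.

```python
import ntpath
import re

# Assumption: directories a restricted user cannot write to by default.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# A quoted or unquoted command-line token ending in .cpl
CPL_RE = re.compile(r'"([^"]+\.cpl)"|(\S+\.cpl)\b', re.IGNORECASE)


def cpl_paths(command_line):
    """Return each .cpl path in a command line, normalised ('..' collapsed) and lower-cased."""
    found = CPL_RE.findall(command_line)
    return [ntpath.normpath(quoted or bare).lower() for quoted, bare in found]


def is_trusted(path):
    return any(path.startswith(d + "\\") for d in TRUSTED_DIRS)


def flag_cpl_elevation(events):
    """Flag RunLegacyCPLElevated.exe launches whose CPL lies outside TRUSTED_DIRS."""
    hits = []
    for ev in events:
        if ntpath.basename(ev["image"]).lower() != "runlegacycplelevated.exe":
            continue
        untrusted = [p for p in cpl_paths(ev["command_line"]) if not is_trusted(p)]
        if untrusted:
            hits.append({"user": ev["user"], "cpl": untrusted})
    return hits


# Constructed process-creation records (field names and paths are made up for this example).
EXE = r"C:\Windows\System32\RunLegacyCPLElevated.exe"
SAMPLE_EVENTS = [
    {"user": "alice", "image": EXE,
     "command_line": r'RunLegacyCPLElevated.exe "C:\Windows\System32\example.cpl"'},
    {"user": "bob", "image": EXE,
     "command_line": r'RunLegacyCPLElevated.exe "C:\Users\bob\AppData\Local\Temp\my update.cpl"'},
    {"user": "carol", "image": EXE,
     "command_line": r"RunLegacyCPLElevated.exe C:\Windows\System32\..\..\Users\Public\x.cpl"},
    {"user": "dave", "image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe C:\Users\dave\notes.cpl"},
]

if __name__ == "__main__":
    for hit in flag_cpl_elevation(SAMPLE_EVENTS):
        print(hit)
```

Paths are normalised before the directory check, so a CPL reached through `..` segments under a trusted directory is still flagged.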