bill - 5:16 am on Nov 26, 2010 (gmt 0)
This flaw gets around the UAC and allows the attacker to impersonate the system account. However, it still appears that you'd need to introduce code to exploit this. They would need to send you a file of some sort and AV software should eventually be able to pick this stuff up. It's still a pretty spooky flaw.