Microsoft Windows keybd_event validation vulnerability: unprivileged shells or applications executed with the runas application or services with the INTERACT_WITH_DESKTOP flag are allowed to send keys to any application on the Desktop. By sending some short-cut keys it is possible to execute code, elevate privileges and bypass runas or service security restrictions. Proof of concept code included.
1887de02d9899199c5099ca6748b31e81a407148ff7f19442a07314c1ff9c25d