A logic flaw has been found in the way .NET grants permissions to ClickOnce applications. Combined with relaxed security warnings when handling OLE Packages in Office 2007 allows for attackers to run arbitrary .NET assemblies with Full Trust permissions.
00e1066c2923521d1053ae01947493005e91c3b5cd22f3ffe201033ada37e948