"This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista," Dai Zovi said. "If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they're safe because they're .NET objects, you see that Microsoft didn't think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force." Windows Vista security 'rendered useless' by researchers
