zdi, Mariusz Mlynski, ZDI-15-339
History: Jul 14, 2015 - 12:00 a.m.

(Pwn2Own) Microsoft Windows Installer Local Elevation of Privilege Vulnerability

2015-07-14 00:00:00
Mariusz Mlynski
www.zerodayinitiative.com
17

CVSS2: 6.9 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.0004 Low
Percentile: 9.0%

This vulnerability allows local attackers to execute arbitrary code as SYSTEM on vulnerable installations of Microsoft Windows. An attacker must be logged in as a user on the system in order to execute the attack. The specific flaw exists within the behavior of some MSI installations. Some installations will launch an executable as SYSTEM during uninstallation or repair. The location of this executable is read from a registry key controllable by an unprivileged user, and because a repair operation does not require elevation, a standard user can use this functionality to execute arbitrary code as SYSTEM.
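The root cause described above is a registry key, read by a SYSTEM-level process, that a standard user can write. The following audit check is an added example, not part of the advisory or any Microsoft tooling: it parses a key's SDDL security descriptor (for instance the `Sddl` property returned by PowerShell's `Get-Acl`) and reports allow ACEs that give broad user groups write control. The advisory does not name the key, so the descriptors, function names and trustee list here are constructed assumptions.

```python
import re

# Access-mask bits (winnt.h) that let a principal change what a key points to.
KEY_SET_VALUE, KEY_CREATE_SUB_KEY = 0x2, 0x4
DELETE, WRITE_DAC, WRITE_OWNER = 0x10000, 0x40000, 0x80000
CONTROL = KEY_SET_VALUE | KEY_CREATE_SUB_KEY | DELETE | WRITE_DAC | WRITE_OWNER
KEY_ALL, KEY_WRITE, KEY_READ = 0xF003F, 0x20006, 0x20019

# SDDL rights tokens, with generic rights mapped as they are for registry keys.
RIGHTS = {"KA": KEY_ALL, "KW": KEY_WRITE, "KR": KEY_READ, "KX": KEY_READ,
          "GA": KEY_ALL, "GW": KEY_WRITE, "GR": KEY_READ, "GX": KEY_READ,
          "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
          "SD": DELETE, "RC": 0x20000, "WD": WRITE_DAC, "WO": WRITE_OWNER}

# Trustees that include every standard interactive user (assumed audit scope).
LOW_PRIV = {"WD": "Everyone", "S-1-1-0": "Everyone",
            "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
            "BU": "BUILTIN\\Users", "S-1-5-32-545": "BUILTIN\\Users",
            "IU": "INTERACTIVE", "S-1-5-4": "INTERACTIVE"}

def pairs(s):
    """Split a run of two-letter SDDL tokens."""
    return [s[i:i + 2] for i in range(0, len(s), 2)]

def rights_mask(rights):
    if rights.lower().startswith("0x"):          # numeric form of the mask
        mask = int(rights, 16)
        if mask & 0x10000000: mask |= KEY_ALL    # GENERIC_ALL
        if mask & 0x40000000: mask |= KEY_WRITE  # GENERIC_WRITE
        return mask
    mask = 0
    for tok in pairs(rights):
        mask |= RIGHTS.get(tok, 0)
    return mask

def user_controllable_aces(sddl):
    """Return [(trustee, control_bits)] for allow ACEs on the key itself that
    give a standard user write control. Deny ACEs are not evaluated."""
    m = re.search(r"D:[A-Z_]*((?:\([^()]*\))*)", sddl)
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", m.group(1) if m else ""):
        f = ace.split(";")
        if len(f) < 6 or f[0] != "A" or "IO" in pairs(f[1]):
            continue                             # not an allow ACE, or inherit-only
        bits = rights_mask(f[2]) & CONTROL
        if f[5] in LOW_PRIV and bits:
            findings.append((LOW_PRIV[f[5]], bits))
    return findings

# Constructed sample descriptors (not taken from the advisory).
HARDENED = "O:BAG:SYD:PAI(A;CI;KA;;;SY)(A;CI;KA;;;BA)(A;CI;KR;;;BU)"
WEAK = "O:BAG:SYD:PAI(A;CI;KA;;;BA)(A;CI;KRDC;;;BU)(A;CIIO;GA;;;AU)(A;;0x20006;;;S-1-5-11)"
```

A non-empty result for a key whose values name an executable run by an elevated installer is the condition the advisory describes; the fix is to remove the write ACE or move the value to an administrator-only key.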
