Hmm...I wonder if this works against the new "Enhanced Protected mode" introduced with Internet Explorer 10?
»blogs.msdn.com/b/ieinternals/arc ··· top.aspx
Metro IE10 runs in it by default, but a simple check box enables it for Desktop IE 10 (I have it turned on)
Of course I realize there is more ways then just the browser to get a chance to attempt something like this such as email, IM, various way. I would be curious though if the new Enhanced Protected Mode, which uses AppContainers, could migitate this to some degree?
if this type of exploit would even work mind you.