(If you'll pardon the pun) Security researcher Oliver Lavery has announced the presence of a hoard of new Shatter vulnerabilities in Windows XP applications. Any privileged Windows applications that utilizes the new XP visual styles can be used by an attacker to gain elevated privileges through Shatter attacks in CommCtl32.dl.

The complete announcement, including proof-of-concept code, can be found at SecurityFocus.

I just read all that. I read the code, and I've got a fair idea what its doing. Hehhehehe. That's pretty bad.