Many thanks must go to New Order for the heads up on this vunerability.
A flaw in XP's hot keys could allow non-administrative users to execute Administrator owned applications which are not usually accessible to them.
- Product: XP Home Edition (and others?)
Vulnerability Briefing: "Hot keys" allow non-administrative users to execute Administrator owned applications which are not usually accessible to them.
When XP is initially booted, all hot keys are disabled until actual authentication of the administrator or first account. Once logged in, hot keys are then enabled for use, usually by the initialization of a program in the backround which assigns these hot keys.
In some cases, such as a time of idle, XP will put itself back to the login screen for security purposes. This will require users to re-authenticate to get back to their current session, whether password protected or not.
News source: Root Core