In a July 2009 TechNet article entitled "Inside Windows 7 User Account Control", Mark Russinovich describes how it's possible for an application running as a standard user to silently elevate and gain administrative rights:
...it's possible for third-party software running in a PA (Protected Administrator) account with standard user rights to take advantage of auto-elevation to gain administrative rights. For example, the software can use the WriteProcessMemory API to inject code into Explorer and the CreateRemoteThread API to execute that code, a technique called DLL injection. Since the code is executing in Explorer, which is a Windows executable, it can leverage the COM objects that auto-elevate, like the Copy/Move/Rename/Delete/Link Object, to modify system registry keys or directories and give the software administrative rights.
He goes on to mention that malware will never do this, because it's too hard:
...these steps require deliberate intent, aren't trivial...
and finally
...malware could gain administrative rights using the same techniques.
So I'm curious to see an actual implementation.
I would have thought PROCESS_VM_WRITE would be a right not given to standard users.
Note: I would never actually do anything bad myself, as is true for every other developer in the world.
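Seen from the defender's side, the WriteProcessMemory and CreateRemoteThread sequence in the quoted passage leaves traces in process telemetry. The following is an added example, not part of the original post or the article: it scans events that use Sysmon's ProcessAccess (Event ID 10) and CreateRemoteThread (Event ID 8) field names for a process that opens Explorer with write and thread-creation rights and then starts a thread in it. The sample events, paths and the function name are constructed for illustration.

```python
# Access-right bits as defined in the Windows SDK (winnt.h).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECTION_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

EXPLORER = r"c:\windows\explorer.exe"

# Constructed sample events (not real logs), using Sysmon field names.
SAMPLE_EVENTS = [
    # Query-only access to Explorer: no write or thread rights requested.
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\Taskmgr.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1000"},
    # 0x102A includes VM_WRITE, VM_OPERATION and CREATE_THREAD.
    {"EventID": 10, "SourceImage": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x102A"},
    # Remote thread in a different target: out of scope for this check.
    {"EventID": 8, "SourceImage": r"C:\Tools\debugger.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},
    # Remote thread in Explorer from the process that opened it for writing.
    {"EventID": 8, "SourceImage": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
]


def find_injection_candidates(events):
    """Return (source_image, reason) pairs for suspicious access to Explorer."""
    writers = set()   # sources that already hold a write-capable handle
    findings = []
    for ev in events:
        if ev.get("TargetImage", "").lower() != EXPLORER:
            continue
        src = ev["SourceImage"]
        if ev["EventID"] == 10:
            mask = int(ev["GrantedAccess"], 16)
            if mask & INJECTION_RIGHTS == INJECTION_RIGHTS:
                writers.add(src.lower())
                findings.append((src, "handle with write and thread rights"))
        elif ev["EventID"] == 8:
            correlated = src.lower() in writers
            reason = "remote thread after write-capable handle" if correlated else "remote thread"
            findings.append((src, reason))
    return findings


if __name__ == "__main__":
    for source, reason in find_injection_candidates(SAMPLE_EVENTS):
        print(f"{source}: {reason}")
```
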