Still one major problem that poses as a deal breaker to all that - The exploited process is running under a standard/non-admin user. Oops. Now you have to exploit admin privileges, and that's no easy task. Windows is a LOT heartier than Java, Flash, Firefox, Plugins. Granted there are plenty of mal-actions you can do without attacking Windows itself...botnets being out of the question. You could try to harvest passwords for example.