In Vista, there is a feature called Protected Mode, which is an 'integrity' label attached to a directory or file. IE7 has an integrity label of LOW, which prevents it or any subprocess of it from writing to any file or directory of Medium integrity. Most files in Vista are medium integrity, and any file not explicitly labeled is also of medium integrity.
An integrity label setting can actually prevent READ, WRITE and EXECUTION, although Vista only employs the forbid-to-write feature.
Shellcode, to the best of my knowledge, needs access to CMD.EXE. Its integrity label can be modified to Medium -- No Read, No Write, No Execute with the method below.
Create a file called blockaccess_x86.inf with these lines:
-----------------------------
Code:
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[File Security]
"%windir%\system32\cmd.exe",2,"S:(ML;;NWNRNX;;;ME)"
----------------------------
Then right click CMD and 'Run as Administrator' and execute this command:
----------------------------
Code:
SecEdit /configure /db BlockAccess.sdb /cfg blockaccess_x86.inf
----------------------------
After this modification, no low integrity application can read, write or execute CMD.exe.
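
The label string in the .inf entry above can be decoded field by field. The following is an added example, not part of the original post: it parses the `[File Security]` line and reports which operations the label denies to a caller at each integrity level. The function names and the `WRITE_ONLY` comparison string are constructed for illustration.

```python
import csv
import re

# SDDL tokens for mandatory-label (ML) ACEs, as defined in the Windows SDK.
POLICY = {"NW": "write", "NR": "read", "NX": "execute"}  # No-Write/Read/Execute-Up
LEVELS = {"LW": "Low", "ME": "Medium", "HI": "High", "SI": "System"}
RANK = ["Low", "Medium", "High", "System"]

def parse_label(sddl):
    """Return (level, blocked_ops) for the ML ACE in an SDDL SACL string."""
    if not sddl.startswith("S:"):
        raise ValueError("integrity labels are stored in the SACL (S:) section")
    for ace in re.findall(r"\(([^)]*)\)", sddl):
        fields = ace.split(";")
        if len(fields) != 6:
            raise ValueError(f"expected 6 ACE fields, got {len(fields)}: {ace!r}")
        ace_type, _flags, rights, _obj, _inherit_obj, sid = fields
        if ace_type != "ML":
            continue  # e.g. audit ACEs share the SACL but are not labels
        tokens = re.findall("..?", rights)  # rights are two-letter codes
        bad = [t for t in tokens if t not in POLICY]
        if bad or sid not in LEVELS:
            raise ValueError(f"unrecognised label ACE: {ace!r}")
        return LEVELS[sid], {POLICY[t] for t in tokens}
    raise ValueError("no mandatory-label ACE present")

def parse_file_security_line(line):
    """Split one [File Security] entry: "path",mode,"SDDL"."""
    row = next(csv.reader([line.strip()]))
    if len(row) != 3:
        raise ValueError(f"expected 3 comma-separated fields: {line!r}")
    path, mode, sddl = row
    return path, int(mode), sddl

def denied_ops(caller_level, sddl):
    """Operations the label denies to a process running at caller_level."""
    level, blocked = parse_label(sddl)
    return blocked if RANK.index(caller_level) < RANK.index(level) else set()

# Entry taken from the .inf in the post, and a constructed write-only label
# for comparison (the behaviour the post attributes to Vista's defaults).
PAGE_LINE = r'"%windir%\system32\cmd.exe",2,"S:(ML;;NWNRNX;;;ME)"'
WRITE_ONLY = "S:(ML;;NW;;;ME)"  # constructed sample

if __name__ == "__main__":
    path, mode, sddl = parse_file_security_line(PAGE_LINE)
    print(path, mode, parse_label(sddl))
    for caller in RANK:
        print(caller, sorted(denied_ops(caller, sddl)), sorted(denied_ops(caller, WRITE_ONLY)))
```

To confirm the label on a live system after running SecEdit, `icacls %windir%\system32\cmd.exe` lists the file's Mandatory Label entry alongside its other ACEs.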