The question is given. Is there any chance for a restricted/limited user to gain LocalSystem rights on WinXP SP2? Is code injection/execution possible to/from LocalSystem processes? Code injection works fine with SetWindowText(), but how to execute it? Could stack/heap-based overflows be used? Is it possible to start an application with LocalSystem rights by a restricted user? Thank you for your answers!
The answer is "unlikely". If need be, you can always use third-party software holes. For example, I've heard a lot of rumors about the aspi.sys driver, StarForce drivers, firewall drivers. Dig into them and then dig into them again. Maybe you are lucky.