How does the IARPUninstallStringLauncher COM component bypass UAC?
The IARPUninstallStringLauncher COM component bypasses UAC by exploiting the fact that uninstalling a program from the Control Panel does not trigger a UAC prompt. This component's `LaunchUninstallStringAndWait` method executes the command stored in the `UninstallString` registry value. By creating a registry entry under `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall` with a malicious payload, and calling this method from a process impersonating `explorer.exe`, the payload runs with elevated privileges silently. For a full walkthrough, see the original article: Bypassing UAC via COM Component IARPUninstallStringLauncher.
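Because the abused value lives in the per-user hive, any standard-user process can write it, which makes those writes a useful detection point. The triage below is an added example, not code from the original article; it assumes Sysmon registry logging (Event ID 13 with the `Image`, `TargetObject` and `Details` fields) covers this key, and the sample events and scoring heuristics are constructed for illustration.

```python
import re

# Sysmon records HKCU as HKU\<user SID>\..., so the per-user hive is matched by SID.
PER_USER_UNINSTALL = re.compile(
    r"^HKU\\S-1-5-21-[\d-]+\\Software\\Microsoft\\Windows\\CurrentVersion"
    r"\\Uninstall\\([^\\]+)\\UninstallString$", re.IGNORECASE)
# Heuristics (assumptions, tune per environment): genuine installers rarely put
# an interpreter in the uninstall command or write the value with a CLI tool.
INTERPRETER = re.compile(
    r"\b(cmd|powershell|pwsh|wscript|cscript|mshta)(\.exe)?\b", re.IGNORECASE)
CLI_WRITERS = {"reg.exe", "cmd.exe", "powershell.exe", "pwsh.exe",
               "wscript.exe", "cscript.exe"}

def triage(event):
    """Return None when out of scope, else (subkey, severity, reasons)."""
    if event.get("EventID") != 13:  # 13 = registry value set
        return None
    m = PER_USER_UNINSTALL.match(event.get("TargetObject", ""))
    if not m:
        return None
    reasons = []
    if INTERPRETER.search(event.get("Details", "")):
        reasons.append("uninstall command invokes an interpreter")
    if event.get("Image", "").rsplit("\\", 1)[-1].lower() in CLI_WRITERS:
        reasons.append("value written by a command-line tool")
    # Per-user installers legitimately write here, so the baseline is "review".
    return (m.group(1), "high" if reasons else "review", reasons)

def scan(events):
    """Triage every event and keep only the in-scope results."""
    return [r for r in map(triage, events) if r]

SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed SID
BASE = r"\Software\Microsoft\Windows\CurrentVersion\Uninstall"
SAMPLE_EVENTS = [  # constructed events, not captured from a real host
    {"EventID": 13, "Image": r"C:\Users\alice\Downloads\ExampleSetup.exe",
     "TargetObject": "HKU\\" + SID + BASE + r"\ExampleApp\UninstallString",
     "Details": r'"C:\Users\alice\AppData\Local\Programs\ExampleApp\unins000.exe"'},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": "HKU\\" + SID + BASE + r"\Updater\UninstallString",
     "Details": r"cmd.exe /c C:\Users\alice\AppData\Local\Temp\example.bat"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",  # HKLM: out of scope
     "TargetObject": "HKLM" + BASE + r"\ExampleMsi\UninstallString",
     "Details": "MsiExec.exe /X{00000000-0000-0000-0000-000000000000}"},
]
```

Writes under `HKLM` are left out of scope because they already require administrative rights; only the per-user key is reachable from a standard-user process.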
UAC bypass, COM component, IARPUninstallStringLauncher, privilege escalation, registry manipulation