What alternative methods can be used to exploit the IARPUninstallStringLauncher COM component besides PEB modification?
Besides modifying the PEB, two additional methods are described in the article. The first is DLL injection or using `rundll32.exe` to load a malicious DLL, as originally demonstrated by ExpLife. The second uses PowerShell with `Invoke-ReflectivePEInjection.ps1` to load the executable into PowerShell's memory, leveraging the fact that `powershell.exe` is a trusted process and thus does not trigger UAC dialogs. These approaches are analogous to unauthorized file copying via the COM component IFileOperation in that they also rely on trusted processes.
DLL injection, rundll32, PowerShell reflective injection, Invoke-ReflectivePEInjection, trusted process