Hey, iDefense has put out a great Paper on the application program interface in windows and the associated vulnerabilities... A great read IMO. Pretty much just a follow up on the Shatter attack paper by Foon...

http://packetstorm.linuxsecurity.com...tter_Redux.pdf