It only took security researchers two days to find the first remotely exploitable flaw in Vista. But this one is stretching the definitions of both remote and flaw.
The issue came to light this week on the Dailydave mailing list
In order to make the trick work, the user would need to have voice command enabled on his PC and would also need to be somehow caught napping and not interfere during the execution of the commands. The attack is not able to bypass Vista's User Account Control, according to the messages on the list.