Re: Ahh, it's application level granularity...
"I believe that hole (that potentially allowed you to take over the elevated privileges of say antivirus programs!) was fixed some time ago."
No, it was found some time ago. Since it's an application problem, it needs to be fixed in every application... which is not going to happen, particularly for all that legacy stuff companies depend on.
"True, but corporates would normally only allow trusted signed or trusted location macros to run. Even for consumers Office defaults to disabling active content by default and warning you before enabling them."
The OLE Automation problem does not rely on Macros being enabled. You can simply control those applications from another program. It's an intended feature. Even if there wasn't OLE Automation, you could still just start the program, make the window invisible, and send keypresses.
There simply are no security boundaries between Windows applications running under the same user by design.