Sticky Keys

A while back some friends and I were messing around in the lab at school and figured out that by replacing sethc.exe (the executable run when Sticky Keys is triggered) with, well, anything, you're able to run that new program with at least administrator privileges under any account (that is, if you made the change as an administrator, of course). We replaced sethc.exe with cmd.exe and were able to spawn an admin shell from even non-admin accounts simply by hitting Shift 5 times quickly.

That's bad, of course.

In Windows XP we were able to launch it under SYSTEM credentials. The SYSTEM user account has privileges higher than those of a normal administrator, so that makes it doubly bad. In Windows Vista (Home Premium), if you invoke Sticky Keys on the login screen you get an administrator shell, and calling explorer.exe, aside from possibly having some weird side effects, will log you in as SYSTEM as well.
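
For anyone who has to check machines for this swap, here is a PowerShell sketch that flags a replaced sethc.exe. It is an added example, not part of the original post; the function name `Test-StickyKeysBinary` and its parameters are made up for illustration, and it assumes PowerShell 4 or later for `Get-FileHash`.

```powershell
# Added example: flags a sethc.exe that has been swapped for another program.
# Test-StickyKeysBinary and its parameters are hypothetical names.
function Test-StickyKeysBinary {
    [CmdletBinding()]
    param(
        # Folder holding sethc.exe; override to inspect a mounted offline image.
        [string]$System32 = (Join-Path $env:SystemRoot 'System32'),
        # Programs whose copies we look for; cmd.exe is the swap described above.
        [string[]]$CompareWith = @('cmd.exe')
    )

    $target = Join-Path $System32 'sethc.exe'
    if (-not (Test-Path -LiteralPath $target)) {
        throw "sethc.exe not found at $target"
    }
    $findings = @()

    # Check 1: the genuine file's version resource names itself sethc.exe.
    # Windows can report the name with a .MUI suffix, so match on the prefix.
    # A file with no version resource yields $null and is flagged as well.
    $original = (Get-Item -LiteralPath $target).VersionInfo.OriginalFilename
    if ($original -notlike 'sethc.exe*') {
        $findings += "OriginalFilename is '$original', expected sethc.exe"
    }

    # Check 2: a straight copy has the same hash as the program it came from.
    $targetHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    foreach ($name in $CompareWith) {
        $candidate = Join-Path $System32 $name
        if (Test-Path -LiteralPath $candidate) {
            $hash = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
            if ($hash -eq $targetHash) {
                $findings += "sethc.exe is byte-identical to $name"
            }
        }
    }

    [pscustomobject]@{
        Path             = $target
        Sha256           = $targetHash
        OriginalFilename = $original
        Suspicious       = ($findings.Count -gt 0)
        Findings         = $findings
    }
}

Test-StickyKeysBinary | Format-List
```

A `Suspicious` result of `True` means the file is not the one Windows shipped. `sfc /scannow` restores protected system files, and it is worth finding out which administrator account made the change.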