But I was more thinking about corporate computer systems where such an exploit should only last one session (except for privilege escalation, as OP mentioned).