"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."
What's more, most people run with administrator privileges on Windows 7/Vista/XP because that's the default.
Yes, I'm sure that my analysis was correct. IE8+ on Vista+ run IE renderer's in Low Integrity, which means read-only access. It's not possible to further compromise (ie, install malware) on the exploited machine without a second exploit that escalates integrity levels to medium.
The article specifically states that on Windows 7 the attacker obtains the privileges of the current user.
Microsoft's advisory agrees:
http://technet.microsoft.com/en-us/security/advisory/2757760
"The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."
What's more, most people run with administrator privileges on Windows 7/Vista/XP because that's the default.