Hmm - I think we need a little perspective.
Back when XP only just had SP2 out, and when a good whack of machines - even in businesses - were running user accounts with admin rights, the security advice was:
1. Never run, download or even visit anything you don't trust
2. Repeat 1 and rinse
3. Firewall and AV - kept up to date
4. Don't run any day-to-day stuff as an administrator
Now, none of these things have changed. The new technologies MS introduced into Vista and 7 have - and the author admits this - been compromised with a HUGE amount of effort, and the chances of anything like this in the wild are slim.
Additionally, .Net / Silverlight or Java won't do this - as you can't just fuck around with memory however you want. Flash is a piss poor pile of shite which allows this to take place. (Ignore the massive holes in Flash anyway.)
Also, could someone who knows a little more than me confirm something - would UAC need to be turned off? (Or at least Protected Mode in IE?)
I was under the impression that under Protected Mode the processes that run IE are in a very low security context - lower than the user (yes, user - not admin), and therefore cannot access much outside of a couple of small registry hives and a folder or two that do nothing other than IE stuff....?
Protected Mode aside, surely the Flash interpreter runs under the logged-on user's context and not under SYSTEM - and is therefore limited to the user environment? (So it can delete some gormless user's data or change the wallpaper, but about feck all else...?)
If the hack is taking place through the Flash process loaded into IE, then it really is Flash being shite rather than IE - in fact IE has fuck all to do with it, as it's code being processed by the Flash process straight onto the stack... IE is just a vessel that fires up Flash, which demands to run JIT code outside of the browser process and security context.
Flash sucks - use Silverlight instead. A bit of managed code and it all goes away, you know...