Yes, in the event you're running all tasks as an administrative user, that's true. If you're logged in as a non-admin, the attack grants the web site non-administrative privileges. It is all relative to the level of privilege you hold when your system is attacked. This is true of 99.99% of client...

[ more ]