Yes, I'm sure that my analysis was correct. IE8+ on Vista+ run IE renderer's in Low Integrity, which means read-only access. It's not possible to further compromise (ie, install malware) on the exploited machine without a second exploit that escalates integrity levels to medium.