The title is a little misleading.. All this does is create a new file type association that looks like an JPG but is in fact an EXE. Sounds a lot like those double extensions or extensions that end in a CLSID. It does NOT hide executable code inside a real JPG.

As for the permissions on HKEY_CLASSES_ROOT only administrators can add, remove, change everything. Creator/Owner however is able to add new subkeys to HKCR.