If the potential buyer had complete confidence that the "bug" was a powerful as they contend, and if the buyer knew they would be the ONLY one to ever have it (unless they leaked it), the price and worth would be much higher. The first use of such a "bug" could reap many times the cost in one harvest. I hate that Windows is such an accident waiting to happen. Left it long ago.
It's a local privileges escalation exploit that could reek havoc on security protections that are policy based as many corp. and gov. based systems are.
Yes, they often combine these kind of bugs with holes found in browsers, in order to bypass browser sandboxes, for example. But they are not often used in wide scale attacks, that's the good news.
Given how advanced malware is these days, it's completely possible to make it behave as a ligitimate software which has DRM and everything
I think the the seller is a scammer. You honestly won't find 0-days on exploit.in. Just a bunch of Russian crap.