It's not. Gibbie is, as usual, full of it. Here's one commenter who notes that Gibson's assertion that the exploit can only be triggered with a record length of 1 (so therefore it *must* be intentional!!1!1!11) is complete BS.
http://it.slashdot.org/comments.pl?sid=173878&cid=14466008
I hate to be the party-pooper, but Gibson is next to worthless as a source for anything related to computer security.
He is now tearing apart the code, instruction by instruction.
Likely, the "record length of one" detail was wrong.
What he gets from reading the actual machine instructions will be rock solid - that's how Steve works.
What he has already, the CALL EAX into the metafile (which is supposed to contain image data, not machine instructions), is seriously compelling.
Please quit slandering Gibson. I don't know your agenda here, sir, but something stinks about your postings.