...Yet tests of the flaw conducted by BetaNews suggest that, while the bug can crash Windows XP, its roots in the Win32 API dating back to Windows 3.1, coupled with the fact that the source code for the proof-of-concept appears to be straight ANSI C, directly contradict the Times' implication that the bug somehow afflicts Internet Explorer 7.0.
In fact, BetaNews' tests of the original proof-of-concept code, as posted to a Russian security researchers' group Web site, turned up a significant flaw in that code, which would prevent it from being compiled on a modern operating system.
A followup analysis and test of the previously reported flaw that appears to affect many versions of Windows, including Vista.
The bad news; this flaw, when run correctly, can cause Windows to crash.
The good news; as it was originally released, the code in question could not have been run on Vista at all.
The better news? The remaining claims of possible exploits from this code appear to be the result of obfuscation, speculation and downright deception on the parts of some parties involved with reporting or providing "facts" in support of earlier reports about this issue.
I don't think it is fair to tag the NY Times as solely to blame if this situation turns out to be exaggerated, there have been many other news outlets who are passing on the same information verbatim, without attempting followup or addtional commentary from other sources.