In other words, a write-what-where condition can be exploited to run attack, or exploit, code.
Ormandy has had dust-ups with other vendors over vulnerabilities. In mid-2011, he accused Adobe of "trying to bury" an "embarrassing number" -- he said more than 400 -- of bugs in Flash Player.
Microsoft will probably not rush to patch the vulnerability Ormandy disclosed, said Storms, even though it might be usable by astute hackers. "At this point, it's difficult to imagine that Microsoft will do much of anything outside of their usual incident response that begins with confirming the bug and possibly issuing an advisory," Storms said.
Microsoft's next regularly-scheduled Patch Tuesday is June 11, or just under three weeks from today.
Sign up for CIO Asia eNewsletters.