[VIM] Who's Right?

[security curmudgeon]

: Looking at the ithe buffer overflow announced today in Domino, I noticed 
: IBM suggests that exploitation only results in a denial of service while 
: MWR, the researchers who are credited with discovery, talk about 
: arbitrary code execution with local SYSTEM privileges, for which they 
: claim to have a working PoC for Windows.  I wonder who's right...

Doesn't IBM have a history of downplaying overflows, only mentioning the 
DoS angle?