Jeffrey Schiller writes:

If you look at the exploit you will see it is a simple case of failing to check array/string bounds.

... which is exactly what was exploited in the 2013 attack, alongside a whole boatload of other missing defensive features, no DEP, no ASLR, executable stack, strcpy()s all over the place, it was described at the time as a "hack like it's 1999" attack. As I said in the previous post, security is more than just a fancy name and a lot of marketing, you have to actually make an effort to make it secure. Oh, and given that this looks like a repeat of the same flaws from three years ago, patching your insecure code also helps. Peter.