You're missing the point. First, if windows has them installed then YES they are windows vulnerabilities. if you installed them and they didn't come with the isntall disk then no they aren't.
But I think the point is they are just using those as ONE way to launch the exploit. Kind of like using vbscript to launch an exploit to attack the real exploit. So it's not ruby that's causing the exploit it's just a mechanism by which they attack it.
This is a good thread with some serious eating of crow by the Mac bigots ;-) It takes a while but they do get nailed pretty hard.
That is a horrible way to measure security. If they are not part of the normal Windows install, and they don't use Windows components, then they are not Windows vulnerabilities, but vulnerabilities in a Windows application. Unfortunately for Windows, many apps use mshtml.dll to render html, so their vulnerabilities can become Windows vulnerabilities (conversely, mshtml.dll vulnerabilities can make the program vulnerable).
The average Linux disk comes with hundreds of third-party programs, few of which ever get installed by the average user. Do you count some obscure program used by very few people as a Linux vulnerability?
The standard should be based on the standard install if we're talking about the general public. None of this gets installed by the average user, who probably thinks Perl and Ruby have something to do with jewelry.
So it's not ruby that's causing the exploit it's just a mechanism by which they attack it.
An exploit is just a theoretical exercise without a vector.
And YOU are missing the point. I installed both Ruby and Perl when I installed X11 to run some UNIX apps on my Mac. They were not installed as part of the default OS X installation.
The vast majority of Mac users posting on the websites discussing MoAB have been unable to make their examples work.