That is a horrible way to measure security. If they are not part of the normal Windows install, and they don't use Windows components, then they are not Windows vulnerabilities, but vulnerabilities in a Windows application. Unfortunately for Windows, many apps use mshtml.dll to render HTML, so their vulnerabilities can become Windows vulnerabilities (conversely, mshtml.dll vulnerabilities can make the program vulnerable).
The average Linux disk comes with hundreds of third-party programs, few of which ever get installed by the average user. Do you count some obscure program used by very few people as a Linux vulnerability?
The standard should be based on the standard install if we're talking about the general public. None of this gets installed by the average user, who probably thinks Perl and Ruby have something to do with jewelry.
So it's not Ruby that's causing the exploit; it's just a mechanism by which they attack it.
An exploit is just a theoretical exercise without a vector.
Absolutely, it's a Linux vulnerability. I know a bunch of people that dabble with Linux and choose to install everything. Besides, how many users need to install software to make it "count" as a vulnerability? You've gone overboard trying to prove a point that you lost a long time ago. FACT: MOAB proves Mac has some serious issues. FACT: One can exploit those vulnerabilities today.
Using your logic, I could claim Windows is uber secure because they should be running the latest Windows Vista and/or Windows 2003. And only install EXACTLY what they need... and if any of those things are optional, they don't count. TCP/IP... who needs that? I don't need to install a network card... that's optional too, I guess. So unless 100% of the machines are running the code, it doesn't count. And even if it is, Microsoft says to run AV and firewalls, so if the user doesn't, the vulnerabilities don't count.