Oh Kinners, those Heise guys don't really know much either. Yes, the standard doesn't define every impossible case. So what? RFCs never do either. It's not necessary either - just because a standard doesn't define every possible situation down to the last detail, that doesn't mean programmers can throw their brains away and just build in whatever causes trouble. It's not the standard that's defective or has weaknesses - it's the implementations in the programs. A standard might not be complete - but that would mean that functionality in relation to the content of the standard is not sufficiently defined. But not that everything that's not part of the standard is not sufficiently defined. Or something like that.
At heise online news there's the original article.