Buried in the article is the fact that you must already have access to DCL in order to exploit this. Most systems are sheltered from external access. Since many, if not most, sites do not utilize CLDs, I would suspect that removing the priv as noted in this group a while ago will suffice to close this hole in non-VSI versions. Dan