Apparently, even the reference client is affected, to the extent that it allows spending of a previous transaction's change based on an unconfirmed transaction ID. This has to be fixed, or else the reference client does not handle malleable transactions as properly as the developers supposed in their replies to MtGox.
Please explain how a change address can be affected by exploiting malleable transactions.
If you create 2 transactions T1 and T2, where T2 is a malleable script change for T1, it seems that you control the change address and no harm is done, no?
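The scenario discussed in this thread, as an added example that is not part of any post above and is not the reference client's code: a wallet spends the change of an unconfirmed T1 in T2, a re-encoded copy of T1 confirms instead, and T2 then points at a transaction ID that never confirmed even though the change output still pays the same wallet. The serialization is a toy format, and `normalized_id` and `reconcile` are hypothetical wallet-side helpers.

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize(tx: dict, with_sigs: bool = True) -> bytes:
    """Toy length-prefixed encoding (assumption: NOT the real Bitcoin wire format)."""
    out = [len(tx["inputs"]).to_bytes(1, "little")]
    for prev_txid, index, script_sig in tx["inputs"]:
        sig = script_sig if with_sigs else b""
        out += [prev_txid, index.to_bytes(4, "little"), len(sig).to_bytes(2, "little"), sig]
    out.append(len(tx["outputs"]).to_bytes(1, "little"))
    for value, script_pubkey in tx["outputs"]:
        out += [value.to_bytes(8, "little"), len(script_pubkey).to_bytes(2, "little"), script_pubkey]
    return b"".join(out)

def txid(tx: dict) -> bytes:
    # The ID covers the signature bytes, so re-encoding them changes the ID.
    return dsha256(serialize(tx))

def normalized_id(tx: dict) -> bytes:
    # Hypothetical wallet-side key: same inputs and outputs, signatures ignored.
    return dsha256(serialize(tx, with_sigs=False))

def missing_parents(tx: dict, confirmed: set) -> list:
    """Parent txids this transaction spends from that never confirmed."""
    return [p for p, _, _ in tx["inputs"] if p not in confirmed]

# Constructed sample data; the script_sig values are placeholders, not real signatures.
FUNDING = dsha256(b"constructed funding transaction")
OUTPUTS = [(70, b"payee"), (30, b"wallet-change")]
T1 = {"inputs": [(FUNDING, 0, b"sig-encoding-A")], "outputs": OUTPUTS}
T1_MUT = {"inputs": [(FUNDING, 0, b"sig-encoding-B")], "outputs": OUTPUTS}
# T2 spends T1's change (output 1) while T1 is still unconfirmed.
T2 = {"inputs": [(txid(T1), 1, b"sig-T2")], "outputs": [(30, b"next-payee")]}

def reconcile(confirmed_tx: dict, sent_tx: dict, child: dict) -> dict:
    """If the confirmed parent is the sent one under a new ID, re-point the child."""
    if normalized_id(confirmed_tx) != normalized_id(sent_tx):
        raise ValueError("confirmed transaction is not a re-encoding of the sent one")
    old, new = txid(sent_tx), txid(confirmed_tx)
    inputs = [(new if p == old else p, i, s) for p, i, s in child["inputs"]]
    return {"inputs": inputs, "outputs": child["outputs"]}  # must be re-signed in practice

if __name__ == "__main__":
    confirmed = {FUNDING, txid(T1_MUT)}          # the mutated copy got mined
    print("T2 orphaned:", missing_parents(T2, confirmed) == [txid(T1)])
    print("T2 rebuilt ok:", missing_parents(reconcile(T1_MUT, T1, T2), confirmed) == [])
```

A wallet that waits for its change to confirm before spending it never has to run the reconcile step.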