After the public release we have to accept the fact that the PoC will be possibly accessible outside of exploit sites too.
The overall risk of the issue is increasing.
To confirm the existence of PoC it was listed in several references like
http://www.securityfocus.com/bid/21589/exploit
etc.
The metadata information of 12122006-djtest.doc states the following:
Created: 16th Aug 2006
Author: sarahbl
- Juha-Matti
Gadi Evron <ge@xxxxxxxxxxxx> wrote:
On Tue, 12 Dec 2006, Joxean Koret wrote:
>
> Wow! That's fun! The so called "Word 0 day" flaw also affects
> OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool
> with the file:
This is NOT a 0day. It is a disclosed vulnerability in full-disclosure
mode, on a mailing list (fuzzing mailing list).
I am not sure why I got this 10 times now, I thought the days of these
bounces were over. But I am tired of seeing every full-disclosure
vulnerability called a 0day anymore.
A 0day, whatever definition you use, is used in the wild before people are
aware of it.
>
> joxean@joxeankoret $ abiword 12122006-djtest.doc
>
> ** (AbiWord-2.2:24313): WARNING **: Invalid seek
>
> ** (AbiWord-2.2:24313): WARNING **: Invalid seek
>
> ** (AbiWord-2.2:24313): WARNING **: Invalid seek
>
> ** (AbiWord-2.2:24313): WARNING **: Invalid seek
> joxean@joxeankoret $ ooffice 12122006-djtest.doc
> OpenOffice.org lockfile found (/home/joxean/.openoffice/1.1.3/.lock)
> Using existing OpenOffice.org
> Application Errorsh: line 1: crash_report: command not found
> Application Error
>
> Fatal exception: Signal 6
--clip--
