On Thu, 14 Dec 2006, Juha-Matti Laurio wrote: > After the public release we have to accept the fact that the PoC will be > possibly accessible outside of exploit sites too. > The overall risk of the issue is increasing. > To confirm the existence of PoC it was listed in several references like > http://www.securityfocus.com/bid/21589/exploit > etc. > > The metadata information of 12122006-djtest.doc states the following: > > Created: 16th Aug 2006 > Author: sarahbl
Not a 0day. > > - Juha-Matti > > > Gadi Evron <[EMAIL PROTECTED]> wrote: > > On Tue, 12 Dec 2006, Joxean Koret wrote: > > > > > > Wow! That's fun! The so called "Word 0 day" flaw also affects > > > OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool > > > with the file: > > > > This is NOT a 0day. It is a disclosed vulnerability in full-disclosure > > mode, on a mailing list (fuzzing mailing list). > > > > I am not sure why I got this 10 times now, I thought the days of these > > bounces were over. But I am tired of seeing every full-disclosure > > vulnerability called a 0day anymore. > > > > A 0day, whatever definition you use, is used in the wild before people are > > aware of it. > > > > > > > > > > [EMAIL PROTECTED] $ abiword 12122006-djtest.doc > > > > > > ** (AbiWord-2.2:24313): WARNING **: Invalid seek > > > > > > ** (AbiWord-2.2:24313): WARNING **: Invalid seek > > > > > > ** (AbiWord-2.2:24313): WARNING **: Invalid seek > > > > > > ** (AbiWord-2.2:24313): WARNING **: Invalid seek > > > [EMAIL PROTECTED] $ ooffice 12122006-djtest.doc > > > OpenOffice.org lockfile found (/home/joxean/.openoffice/1.1.3/.lock) > > > Using existing OpenOffice.org > > > Application Errorsh: line 1: crash_report: command not found > > > Application Error > > > > > > Fatal exception: Signal 6 > > --clip-- > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
