Bugtraq mailing list archives
Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Thu, 14 Dec 2006 21:44:54 +0200 (EET)
After the public release we have to accept the fact that the PoC will be possibly accessible outside of exploit sites too. The overall risk of the issue is increasing. To confirm the existence of PoC it was listed in several references like http://www.securityfocus.com/bid/21589/exploit etc. The metadata information of 12122006-djtest.doc states the following: Created: 16th Aug 2006 Author: sarahbl - Juha-MattiGadi Evron <ge () linuxbox org> wrote:
On Tue, 12 Dec 2006, Joxean Koret wrote:> > Wow! That's fun! The so called "Word 0 day" flaw also affects> OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool > with the file: This is NOT a 0day. It is a disclosed vulnerability in full-disclosure mode, on a mailing list (fuzzing mailing list). I am not sure why I got this 10 times now, I thought the days of these bounces were over. But I am tired of seeing every full-disclosure vulnerability called a 0day anymore. A 0day, whatever definition you use, is used in the wild before people are aware of it.> > joxean@joxeankoret $ abiword 12122006-djtest.doc > > ** (AbiWord-2.2:24313): WARNING **: Invalid seek > > ** (AbiWord-2.2:24313): WARNING **: Invalid seek > > ** (AbiWord-2.2:24313): WARNING **: Invalid seek > > ** (AbiWord-2.2:24313): WARNING **: Invalid seek> joxean@joxeankoret $ ooffice 12122006-djtest.doc > OpenOffice.org lockfile found (/home/joxean/.openoffice/1.1.3/.lock) > Using existing OpenOffice.org > Application Errorsh: line 1: crash_report: command not found > Application Error> > Fatal exception: Signal 6
--clip--
Current thread:
- Re: [fuzzing] NOT a 0day! Re: [Full-disclosure] OWASP Fuzzing page Juha-Matti Laurio (Dec 14)