On Tue, 12 Dec 2006, Joxean Koret wrote:
>
> Wow! That's fun! The so called "Word 0 day" flaw also affects
> OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool
> with the file:
This is NOT a 0day. It is a disclosed vulnerability in full-disclosure
mode, on a mailing list (fuzzing mailing list).
I am not sure why I got this 10 times now, I thought the days of these
bounces were over. But I am tired of seeing every full-disclosure
vulnerability called a 0day anymore.
A 0day, whatever definition you use, is used in the wild before people are
aware of it.
>
> joxean@joxeankoret $ abiword 12122006-djtest.doc
>
> ** (AbiWord-2.2:24313): WARNING **: Invalid seek
>
> ** (AbiWord-2.2:24313): WARNING **: Invalid seek
>
> ** (AbiWord-2.2:24313): WARNING **: Invalid seek
>
> ** (AbiWord-2.2:24313): WARNING **: Invalid seek
> joxean@joxeankoret $ ooffice 12122006-djtest.doc
> OpenOffice.org lockfile found (/home/joxean/.openoffice/1.1.3/.lock)
> Using existing OpenOffice.org
> Application Errorsh: line 1: crash_report: command not found
> Application Error
>
> Fatal exception: Signal 6