@wdormann @catsalad I agree but FWIW, I labeled it as EITW-ish with an explanation when I reported internally because based on the advisory, I expect anyone with an exploit for the previously patched vuln will quickly have an exploit for this one.
@cR0w @catsalad Yeah, proof of ITW exploitation is quite a tricky thing. Functional public exploit exists? That's technically not evidence of exploitation in the wild. Trivial to figure out? Same. Without evidence, I suppose both count as probably exploited ITW.