The vulnerability was wormable for good measure, hence any attacks exploiting it could have spread from device to device with no need for user interaction.