by maaku 4506 days ago
Yes, but the bitcoind reference client fails safely: the child transactions are orphaned and no funds are lost. Its behavior alone is not exploitable.
1 comments

Unfortunately it does not fail completely safely. The change transaction seems to still be available for coin selection and causes sends to fail. The getbalance command shows an incorrect balance due to counting the change address twice - once in the double spend and once in the accepted. The accounts system also has balances messed up which some merchant sites rely on.

It is not "lose money" exploitable (unless combined with social engineering) but is definitely "lose time, lose effort" exploitable.