Hacker Bob reads John Doe's advisory and uses the PoC to exploit Acme Co.'s server. Acme sues John Doe for releasing the advisory and code which was used to exploit their server.
From what I've seen general practise is to put a flaw into the program to prevent someone (kiddies) from using the code as is. General belief is that those that can find and fix the flaw would be able to do the code from scratch.

I suspect it'd be hard to prove that the POC was the true source for the exploitation. Additionally, I wonder how much the courts would say that it is the responsibility of the company to patch their systems if the patch was released.