Bugtraq mailing list archives
RE: Internet Explorer 0day exploit
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Tue, 24 Jul 2007 07:37:08 +0200 (CEST)
On Sat, 21 Jul 2007, Ken Kousky wrote:
Zero day is a serious misnomer from vendors that suggest that the counting of time an exposure is known BY THE GOOD GUYS is some kind of trigger date when in reality, many serious exploits are know BY THE BAD GUYS so the day zero is really months or maybe years prior to the disclosure or notification date. Look at the WMF vulnerability that caused a mad rush to patch it once the good guys were put on notice. In this case, the vulnerability had been present in Windows products since the early 90s and according to Kapersky Labs there was even malware being sold that took advantage of it long before there was even day zero notification.
I reserve the word 0day to issues that have been found through exploits.So a 0day exploit is an exploit out in the field were the vulnerability is/was not publicly known before the exploit was found.
As such it would be a very rough indication of the score of good guys (writing advisories) and the bad guys (writing exploits).
Hugo. -- hvdkooij () vanderkooij org http://hugo.vanderkooij.org/ This message is using 100% recycled electrons. Some men see computers as they are and say "Windows" I use computers with Linux and say "Why Windows?" (Thanks JFK, for the insight.)
Current thread:
- Re: Internet Explorer 0day exploit, (continued)
- Re: Internet Explorer 0day exploit Gadi Evron (Jul 13)
- Re: Internet Explorer 0day exploit Dragos Ruiu (Jul 14)
- Re: Internet Explorer 0day exploit Gadi Evron (Jul 17)
- Re: Internet Explorer 0day exploit Chris Stromblad (Jul 18)
- Re: Internet Explorer 0day exploit Zow (Jul 18)
- Re: Internet Explorer 0day exploit Chris Stromblad (Jul 20)
- Re: Internet Explorer 0day exploit Zow (Jul 19)
- Re: Internet Explorer 0day exploit Chris Stromblad (Jul 20)
- Re: Internet Explorer 0day exploit Chad Perrin (Jul 20)
- RE: Internet Explorer 0day exploit Ken Kousky (Jul 23)
- RE: Internet Explorer 0day exploit Hugo van der Kooij (Jul 24)
- RE: Internet Explorer 0day exploit Roger A. Grimes (Jul 24)
- Re: Internet Explorer 0day exploit Dragos Ruiu (Jul 14)
- Re: Internet Explorer 0day exploit Gadi Evron (Jul 13)
- Re: Internet Explorer 0day exploit Bigby Findrake (Jul 18)
- Re: Internet Explorer 0day exploit Chris Stromblad (Jul 20)
- Message not available
- Re: Internet Explorer 0day exploit Aaron Katz (Jul 23)
- Re: Internet Explorer 0day exploit Aaron Katz (Jul 23)