Comments on: Undercover Vulnerability List – Request for Updates

By: Spire Security Viewpoint

Spire Security Viewpoint — Mon, 27 Oct 2008 13:08:38 +0000

Undercover Exploits and Vulnerabilities – 10-27-08

Looks like we have a confirmed addition to the undercover exploit list (old list). That makes 21 total since 1988. 10/27/08 – MS08-067 RPC vulnerability (public info). 11/23/07 – Xunlei Thunder PPlayer ActiveX control (credit: Symantec*) 4/5/07 – DNS R…

By: Pete Lindstrom

Pete Lindstrom — Sat, 23 Aug 2008 04:00:37 +0000

@Druid -

I think 0day would have been a great term except it got abused a few years back and so now people think of something other than what I mean. Many people consider “0day vulnerabilities” those vulnerabilities that don’t have a patch available when they are disclosed, regardless of how they are discovered. (There are plenty of so-called “0days” that have never actually been exploited.)

I think “0day vulnerability” is a misnomer because 0day implies an attack, not simply a vuln.

Anyway, undercover vulnerabilities are only those vulns that were identified due to exploits in the wild – a subset of the common 0day definition (though I would dispute the notion that it is well-established).

By: I)ruid

I)ruid — Fri, 22 Aug 2008 20:41:13 +0000

“Undercover”? I’ve never heard that term before in relation to a vulnerability or exploit… Don’t you mean “0day”? If so, why are you trying to coin new terminology for things which already have well-established terminology for them?

Fun Fact: Once it’s discovered in the wild and disclosed to the public, such as to a ‘undercover list page’, it’s no longer 0day.