Software vulnerability exploits take advantage of flaws in software and can potentially allow hackers to take control.
Web Based Attack
In a web-based environment, the most attacked applications are those with a direct or indirect connection to the internet.
The list of such applications mostly comprises PDF readers, digital document processors, media players and web browsers. In addition to their own internal vulnerabilities, web browsers may also suffer from vulnerabilities found in installed plug-ins.
Examples of known vulnerabilities and their possible exploitation can be found in CVE (Common Vulnerabilities and Exposures) entries.
Software Vulnerability and Exploitation
A software vulnerability is basically incorrect or invalid handling of input parameters passed to a vulnerable program, or simply a software bug. A specially crafted input that exploits such a vulnerability is called a software vulnerability exploit, or simply an exploit.
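The input-handling flaw described above, shown as an added example that is not part of the original page. It parses a constructed record format (one length byte followed by that many title bytes; the format and all names are assumptions made for illustration) and sets the flawed handling beside a version that validates the input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TITLE_MAX 32  /* capacity of the destination buffer */

/* Flawed: trusts the length byte taken from the input. A declared length
 * larger than the data present, or than the destination, reads or writes
 * out of bounds. Shown for contrast only; never called below. */
int parse_title_unchecked(const uint8_t *rec, char *out)
{
    uint8_t n = rec[0];
    memcpy(out, rec + 1, n);
    out[n] = '\0';
    return n;
}

/* Hardened: every value derived from the input is checked before use.
 * Returns the title length, or -1 if the record is rejected. */
int parse_title_checked(const uint8_t *rec, size_t rec_len,
                        char *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || rec_len < 1 || out_cap < 1)
        return -1;
    size_t n = rec[0];
    if (n > rec_len - 1)   /* declares more bytes than were supplied */
        return -1;
    if (n >= out_cap)      /* would not fit together with the terminator */
        return -1;
    memcpy(out, rec + 1, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample records (not taken from any real file format). */
static const uint8_t REC_OK[] = { 5, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t REC_TRUNCATED[] = { 200, 'A', 'B' };  /* claims 200, has 2 */
static const uint8_t REC_TOO_LONG[41] = { 40 };  /* 40 bytes present, buffer is 32 */
static char title_buf[TITLE_MAX];

int main(void)
{
    printf("ok: %d\n", parse_title_checked(REC_OK, sizeof REC_OK, title_buf, sizeof title_buf));
    printf("truncated: %d\n", parse_title_checked(REC_TRUNCATED, sizeof REC_TRUNCATED, title_buf, sizeof title_buf));
    printf("too long: %d\n", parse_title_checked(REC_TOO_LONG, sizeof REC_TOO_LONG, title_buf, sizeof title_buf));
    return 0;
}
```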
If the software vulnerability is unknown to others or undisclosed to the software manufacturer, the actual code that uses it is often called a zero-day exploit or a zero-day attack.
Software vulnerabilities can be protected against with software such as Malwarebytes Anti-Exploit.
A common lifecycle of a zero-day exploit is as follows:
- The software manufacturer releases a product containing the vulnerability, usually an unknown one.
- The attacker finds the vulnerability before the software developer does, or before the developer is informed of it by users.
- The attacker creates and distributes an exploit.
- The manufacturer finds the vulnerability and starts writing the fix.