Vulnerability Trends

Vulnerability Trends | Total Number of Vulnerabilities | Zero-Day Vulnerabilities | Notable Zero-day Attacks | Web Browser Vulnerabilities | Web Browser Plug-in Vulnerabilities | Web Attack Toolkits | SCADA Vulnerabilities

Zero-Day Vulnerabilities


Zero-day vulnerabilities are vulnerabilities against which no vendor has released a patch. The absence of a patch for a zero-day vulnerability presents a threat to organizations and consumers alike, because in many cases these threats can evade purely signature-based detection until a patch is released. The unexpected nature of zero-day threats is a serious concern, especially because they may be used in targeted attacks and in the propagation of malicious code.


Zero-day vulnerabilities are a sub-set of the total number of vulnerabilities documented over the reporting period. A zero-day vulnerability is one that appears to have been exploited in the wild prior to being publicly known. It may not have been known to the affected vendor prior to exploitation and, at the time of the exploit activity, the vendor had not released a patch. The data for this section consists of the vulnerabilities that Symantec has identified that meet the above criteria.
Figure D.4: Volume of Zero-day vulnerabilities 2006 – 2011. Source: Symantec
Figure D.5: Zero-day Vulnerabilities Identified in 2011. Source: Symantec


2011 produced the lowest number of zero-day vulnerabilities in the past 6 years. There was a 43% drop in vulnerabilities seen in 2011 compared with 2010. However the number of vulnerabilities seen in 2010 was somewhat inflated due to W32.Stuxnet, which itself contributed to four11 of the zero-day vulnerabilities seen in that year.
There was only one zero-day browser vulnerability seen in 2011, a drop of 3 from 2010. This corresponds with the overall drop in browser vulnerabilities seen in 2010. While browser vulnerabilities continue to be attractive for attackers, increased security built into browsers have made it more difficult for attackers to create reliable exploits. Examples of these security features are Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP)12 .
While the overall number of zero-day vulnerabilities is down, attacks using these vulnerabilities continue to be successful. The majority of these vulnerabilities are leveraged in targeted attacks. Adobe Flash and Reader vulnerabilities are widely used in targeted attacks and account for 50% of the zero-day vulnerabilities seen in 2011.