Was there ever a genuine zero day attack ?

I've been doing a bit of reading around zero day attacks.

Just wondering if anyone has heard of a genuine zero day attack , that is the actual "in the wild" usage of an exploit that a vendor did not know about at that time .

Cheers
J

 

1) Internet Explorer 0-day exploit
http://isc.sans.org/diary.html?storyid=874

Reports on IE exploit
http://isc.sans.org/diary.html?storyid=914

I did not find a site to test.


2) Windows WMF 0-day exploit in the wild
http://isc.sans.org/diary.html?storyid=972

Test:

http://www.urs2.net/rsj/computing/tests/wmf/



3) Adobe Reader/Acrobat Unspecified Buffer Overflow Vulnerability
https://www.wilderssecurity.com/showthread.php?t=233881

Test:

​

----
rich

 

Absolutely. For me they normally come in email attachments (which are run in a test machine VM for verification of the file being malicious). It's interesting seeing which of the AV's I have installed will pick it up the soonest.

 

Thanks , those are very interesting , esp 2).

Thats anti-executable thats blocking 2) in the screenshots ?

 

Yes. If my memory serves me, this was also blocked by those using ProcessGuard and Software Restriction Policies.

This was more than 4 years ago and was the beginning of the realization for some of us that all of these drive-by exploits so called have the same objective: to install a malware executable, which can be easily blocked by White List protection, negating the need to detect by a signature. Hence 0-day, 50-day - it is irrelevant.

----
rich