翻訳と辞書 |
Zero-day attack : ウィキペディア英語版 | Zero-day (computing)
A zero-day (also known as zero-hour or 0-day) vulnerability is an undisclosed computer application vulnerability that could be exploited to adversely affect the computer programs, data, additional computers or a network. It is known as a "zero-day" because once the flaw becomes known, the application author has zero days in which to plan and advise any mitigation against its exploitation (by, for example, advising workarounds or issuing patches).〔(Flash Vulnerabilities Causing Problems )〕 Attacks employing zero-day exploits are often attempted before or on the day that notice of the vulnerability is released to the public; sometimes before the author is aware or has developed and made available corrected code.〔(About Zero Day Exploits )〕 Zero-day attacks are a severe threat. ==Attack vectors==
Malware writers can exploit zero-day vulnerabilities through several different attack vectors. Sometimes, when users visit rogue Web sites, malicious code on the site can exploit vulnerabilities in Web browsers. Web browsers are a particular target for criminals because of their widespread distribution and usage. Cybercriminals can also send malicious e-mail attachments via SMTP, which exploit vulnerabilities in the application opening the attachment.〔(''SANS sees upsurge in zero-day Web-based attacks'', ''Computerworld'' )〕 Exploits that take advantage of common file types are numerous and frequent, as evidenced by their increasing appearances in databases like US-CERT. Criminals can engineer malware to take advantage of these file type exploits to compromise attacked systems or steal confidential data.〔"E-mail Residual Risk Assessment" Avinti, Inc., p. 2 http://www.avinti.com/download/case_studies/whitepaper_email_residual_risk.pdf〕
抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Zero-day (computing)」の詳細全文を読む
スポンサード リンク
翻訳と辞書 : 翻訳のためのインターネットリソース |
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.
|
|