0day "In the Wild"
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
 
 
ABCDEFGHIJKLMNOPQRSTUVWXYZ
1
0day "In the Wild"
2
Last updated: 2019-05-15
3
4
This spreadsheet is used to track cases of zero-day exploits that were detected "in the wild". This means the
vulnerability was detected in real attacks against users as a zero-day vulnerability (i.e. not known to the
public or the vendor at the time of detection). This data is collected from a range of public sources. We include
relevant links to third-party analysis and attribution, but we do this only for your information; their inclusion does
not mean we endorse or validate the content there.
5
6
An introduction to this spreadsheet is available on the Project Zero blog:
7
https://googleprojectzero.blogspot.com/p/0day.html
8
9
Some additional notes on how the data is processed:
10
- Scope for inclusion: there are some 0day exploits (such as CVE-2017-12824) in areas that aren't active
research targets for Project Zero. Generally this list includes targets that Project Zero has previously
investigated (i.e. there are bug reports in our issue tracker) or will investigate in the near future.
11
- Security supported: this list does not include exploits for software that is explicitly EOL at the time of
discovery (such as the ExplodingCan exploit for IIS on Windows Server 2003, surfaced in 2017).
12
- Post-disclosure: this list does not include CVEs that were opportunistically exploited by attackers in the gap
between public disclosure (or "full disclosure") and a patch becoming available to users (such as
CVE-2015-0072, CVE-2018-8414 or CVE-2018-8440).
13
- Reasonable inference: this list includes exploits that were not discovered in an active breach, but were
leaked or discovered in a form that suggests with high confidence that they were probably used "in the wild"
at some point (e.g. Equation Group and Hacking Team leaks).
14
- Date resolution: we only set the date of discovery when the reporter specifies one. If a discovery is
indicated as being made in "late April" or "early March", we record that as if no date was provided.
15
- Attribution: generally the “claimed attribution” column refers to the attack team that is reportedly using the
exploit, but in some cases it can refer to the supplier of the exploit (c.f. HackingTeam, NSO Group, Exodus
Intel) if no other information is available.
16
- Time range: data collection starts from the day we announced Project Zero -- July 15, 2014.
17
18
For additions, corrections, questions, or comments, please contact 0day-in-the-wild@google.com
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Loading...