Products
- - KasperskyTotal Security
    Gives you the power to protect your family – on PC, Mac, iPhone, iPad & Android
    
    Learn more / Free trial
  - KasperskyInternet Security
    Protects you when you surf, socialise & shop – on PC & Mac, plus Android devices
    
    Learn more / Free trial
  - KasperskyAnti-Virus
    Safeguards your PC and all the precious things you store on it
    
    Learn more / Free trial
  - KasperskyInternet Security for Mac
    Protects you when you surf, socialise & shop – on your Mac
    
    Learn more / Free trial
  - KasperskyInternet Security for Android
    Protects you when you surf and socialise – on your Android phones & tablets
    
    Learn more / Download
  - KasperskySecure Connection
    Protects your communications, location, privacy & data – whenever you’re online
    
    Learn more / Download
- - Free Tools
  - Kaspersky Safe Kids
  - Kaspersky Password Manager
  - Kaspersky Software Updater
  - View more
Renew
Downloads
Support
Resource Center
Securelist
Kaspersky Daily
Encyclopedia
- Glossary
- Knowledge Base

Solutions for:
Home
- Security Solutions
- Renew
- Support
- Resource Center
- Encyclopedia
  - Glossary
    The Glossary contains several hundred definitions of terms that you might come across in our articles and blogs, or on other information security sites. Unlike the in-depth articles in the Knowledge Base, every definition in the Glossary is succinct, while remaining highly informative. (This section is currently under construction)
  - Knowledge Base
    In the Knowledge Base, you will find various articles about common threats, a general classification of malware and unwanted messages, and a brief historical overview of the evolution of these and many other threats. The Knowledge Base now has three main sections: – The Detectable Objects section gives detailed information about malicious and potentially dangerous programs that we protect users against every single day all around the world, as well as advice on what to do in case of infection. – In the Spam and Phishing section, you will learn about phishing and spam mailings, how their creators earn money from them, and how this type of threat has evolved since the 1990s to the present day. – The articles in the Vulnerabilities and Hackers section is devoted to the topic of software vulnerabilities and how cybercriminals exploit them, as well as legislation and hackers in the broad sense of the word.
- My Kaspersky
Business
Partners
About Us
Support
Contact Us

Software vulnerabilities

The term ‘vulnerability’ is often mentioned in connection with computer security, in many different contexts.

In its broadest sense, the term ‘vulnerability’ is associated with some violation of a security policy. This may be due to weak security rules, or it may be that there is a problem within the software itself. In theory, all computer systems have vulnerabilities; whether or not they are serious depends on whether or not they are used to cause damage to the system.

There have been many attempts to clearly define the term ‘vulnerability’ and to separate the two meanings. MITRE, a US federally funded research and development group, focuses on analysing and solving critical security issues. The group has produced the following definitions:

According to MITRE’s CVE Terminology:

[…] A universal vulnerability is a state in a computing system (or set of systems) which either:

allows an attacker to execute commands as another user
allows an attacker to access data that is contrary to the specified access restrictions for that data
allows an attacker to pose as another entity
allows an attacker to conduct a denial of service
MITRE believes that when an attack is made possible by a weak or inappropriate security policy, this is better described as ‘exposure’:

An exposure is a state in a computing system (or set of systems) which is not a universal vulnerability, but either:

allows an attacker to conduct information gathering activities
allows an attacker to hide activities
includes a capability that behaves as expected, but can be easily compromised
is a primary point of entry that an attacker may attempt to use to gain access to the system or data is considered a problem according to some reasonable security policy
When trying to gain unauthorized access to a system, an intruder usually first conducts a routine scan (or investigation) of the target, collects any ‘exposed’ data, and then exploits security policy weaknesses or vulnerabilities. Vulnerabilities and exposures are therefore both important points to check when securing a system against unauthorized access.

Products to Protect You
Our innovative products help to give you the Power to Protect what matters most to you. Discover more about our award-winning security.
FREE Tools
Our FREE security tools and more can help you check all is as it should be… on your PC, Mac or mobile device.
About Us
Discover more about who we are… how we work… and why we’re so committed to making the online & mobile world safer for everyone.
Get Your Free Trial
Try Before You Buy. In just a few clicks, you can get a FREE trial of one of our products – so you can put our technologies through their paces.