A vulnerability is a bug or security flaw that provides the potential for an attacker to gain unauthorized access to, or use of, a computer.

The attacker does this by writing exploit code that targets the specific vulnerability.

The use of software vulnerabilities (in an operating system or application) is a common way to install malicious code on a computer.

Once a vulnerability has been discovered (either by the developer of the software or by someone else), the vendor of the application typically creates a ‘patch’ to close the security hole.

As a result, vendors, security researchers and cybercriminals are engaged in a never-ending race to find vulnerabilities first.

In recent years, the time-lag between the discovery of a vulnerability and the creation of exploit code that makes use of it has diminished.

The worst-case scenario is a so-called ‘zero-day exploit’, where exploit code has been written to take advantage of a vulnerability before the software vendor knows about it and has had the chance to publish a patch for it.

The result is that would-be attackers are free to exploit the vulnerability, unless proactive exploit prevention technologies have been implemented to defend the computer being targeted by the attacker.