Norwegian Honeynet Project | A chapter of The Honeynet Project
Time to Exploit
Version 1.0 - 2006.03.13


AVERAGE TIME 76.9 days
MEDIAN TIME 5 days




NOTE! Since FrSIRT terminated their exploit and vulnerability information disclosure, the data and results presented on this page are no longer updated automatically.

This page visualizes the time it takes, on average, for an exploit to be published for a given vulnerability. Currently, the only source of exploit information we use as a basis for the statistics is the set of exploits published by FrSIRT (a.k.a. K-OTik). For each exploit published by FrSIRT, we correlate the information with the National Vulnerability Database (maintained by NIST) to calculate the time-to-exploit (T2E) value. The T2E value represents the number of days between the time a given vulnerability is made public and the time an exploit for that vulnerability is released.

To give a better overall picture, we display the average "time to exploit" based on all the available data in our database. However, since the average is strongly biased by peak values, we also calculate the median, which is more correct for this type of dataset.

The chart and table on this page show only the 20 most recent exploits. Click on the "T2E Category Charts" tab on the menu to get more customized views.

To date, a total of 29 exploits have been processed. Of these, 16 have been marked as "Critical".



| Date | CVE | Exploit/Vulnerability | Risk | CVSS Base | T2E |
|---|---|---|---|---|---|
| 2006-03-12 | CVE-N/A | PeerCast "nextCGIarg" Function Request ... | Critical | | 2 |
| 2006-03-07 | CVE-N/A | RevilloC MailServer 1.x "USER" Command ... | Critical | | 0 |
| 2006-03-05 | CVE-N/A | Microsoft Visual Studio "dbp" File Hand... | Moderate | | 0 |
| 2006-03-05 | CVE-N/A | LibTIFF Library "BitsPerSample" Tag Han... | High | | 299 |
| 2006-03-01 | CVE-2005-2713 | Apple Mac OS X "/usr/bin/passwd" Binary... | Moderate | 4.2 | 60 |
| 2006-02-28 | CVE-2003-0220 | Kerio Personal Firewall Authentication ... | Critical | 7 | 1023 |
| 2006-02-26 | CVE-2005-2934 | SCO UnixWare "ptrace" Call Binaries Deb... | Moderate | 7 | 57 |
| 2006-02-22 | CVE-2006-0848 | Apple Mac OS X / Safari "__MACOSX" ZIP ... | Critical | 3.9 | 0 |
| 2006-02-22 | CVE-2006-0005 | Microsoft Windows Media Player Plugin R... | Critical | 4.9 | 8 |
| 2006-02-15 | CVE-2006-0006 | Microsoft Windows Media Player BMP Hand... | Critical | | 1 |
| 2006-02-14 | CVE-2005-4723 | D-Link Wireless Access Point UDP Packet... | Moderate | 2.3 | 45 |
| 2006-02-08 | CVE-2006-0625 | SPIP <= 1.8.2-g "spip_log" and "include... | High | 4.7 | -1 |
| 2006-02-08 | CVE-2005-4267 | Eudora Qualcomm WorldMail IMAPD Service... | Critical | 7 | 49 |
| 2006-02-07 | CVE-2006-0295 | Mozilla Firefox "location.QueryInterfac... | Critical | 3.9 | 5 |
| 2006-02-06 | CVE-2006-0564 | Microsoft HTML Help Workshop ".hhp" Fil... | Moderate | 7 | 0 |
| 2006-02-03 | CVE-2006-0537 | eXchange POP3 "RCPT TO" Command Handlin... | Critical | 7 | 0 |
| 2006-02-02 | CVE-2006-0023 | Microsoft Windows SSDP and UPnP Service... | Moderate | 2.9 | -5 |
| 2006-01-29 | CVE-2006-0476 | Nullsoft Winamp Player <= 5.12 PLS Hand... | Critical | 5.6 | -2 |
| 2006-01-28 | CVE-2004-1373 | SHOUTcast <= 1.9.4 HTTP GET Filename Re... | Critical | 8 | 401 |
| 2006-01-26 | CVE-2006-0272 | Oracle Database Server 9i/10g XML Datab... | High | 7 | 8 |

Additional information is shown in the mouse-over tooltip (e.g. the CVSS vector is shown for each CVSS base score value in the table above).
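
The following is an added example, not code from the Norwegian Honeynet Project: it recomputes the mean and median over the 20 T2E values listed in the table and shows how the three largest values dominate the average. It covers only the 20 listed rows, so its figures differ from the headline values above, which are based on all the data in the project's database; the function names are illustrative.

```python
from datetime import date
from statistics import mean, median

# (risk, T2E in days) transcribed from the 20-row table on this page, top to bottom.
ROWS = [
    ("Critical", 2), ("Critical", 0), ("Moderate", 0), ("High", 299),
    ("Moderate", 60), ("Critical", 1023), ("Moderate", 57), ("Critical", 0),
    ("Critical", 8), ("Critical", 1), ("Moderate", 45), ("High", -1),
    ("Critical", 49), ("Critical", 5), ("Moderate", 0), ("Critical", 0),
    ("Moderate", -5), ("Critical", -2), ("Critical", 401), ("High", 8),
]

def t2e_days(vuln_public: date, exploit_released: date) -> int:
    """T2E as the page defines it: days from public disclosure to exploit release.
    Negative when the exploit was released before the vulnerability's public date."""
    return (exploit_released - vuln_public).days

def summarize(values):
    """Mean, median and the share of exploits released within a week of disclosure."""
    vals = sorted(values)
    return {
        "n": len(vals),
        "mean": round(mean(vals), 1),
        "median": median(vals),
        "within_week": sum(1 for v in vals if v <= 7),
        "max": vals[-1],
    }

def without_largest(values, k):
    """Drop the k largest values to show how much the mean depends on them."""
    return sorted(values)[:len(values) - k]

def by_risk(rows):
    """Per-risk-category summary, keyed by the table's Risk column."""
    groups = {}
    for risk, t2e in rows:
        groups.setdefault(risk, []).append(t2e)
    return {risk: summarize(vals) for risk, vals in groups.items()}

if __name__ == "__main__":
    all_t2e = [t for _, t in ROWS]
    print("all 20 rows:       ", summarize(all_t2e))
    print("minus 3 largest:   ", summarize(without_largest(all_t2e, 3)))
    for risk, stats in by_risk(ROWS).items():
        print(f"{risk:<9}", stats)
```

Removing just the three long-tail rows (299, 401 and 1023 days) moves the mean far more than the median, which is why the median is the better planning figure for patch windows.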