Uninformed: Informative Information for the Uninformed

Vol 9» 2008.Jan

Exploitation Properties

Exploitation properties describe the ease with which an arbitrary vulnerability might be exploited. An understanding of a system's perceived exploitability can provide useful insights when attempting to establish the risk factors associated with it1. It is important to note that exploitation properties do not provide any indication that a vulnerability exists; instead, they are only meant to convey information about how easily a vulnerability could be exploited. The concept of an exploitation property can be broken into different categories which are tied to the configuration or context that the property is associated with. Examples of these categories include platforms, processes, binary modules, functions, and so on.

The following subsections provide concrete examples to better illustrate the concept of an exploitation property. These examples are given by showing what implications a property has with respect to exploitation as well as how a property might be derived. It should be noted that the examples given in this paper do not represent a complete, exhaustive set of exploitation properties.