Zero Day Spec Sheet

Bug Sale Specification Sheet
Item Name:
Vendor Homepage:
Vulnerable Software:
Asking Price and Availability for Exclusive Acquisition:
Affected Operating Systems:
Vulnerable Target Application Versions and Reliability:
32-bit: Vulnerable?
64-bit: Vulnerable?
Complete point release range:
Tested, Functional Against Target Application Versions:
Explanation:
Does This Exploit Affect the Current Target Version?
 Yes
 No
Targets Found via Google Dork/Shodan/Censys?
 Yes
 No
Privilege Level Gained:
Options: As Logged-In User, Web Browser's Default, Low, Medium, High, Root/Admin/System, Ring 0/Kernel, Other
Minimum Privilege Level Required for Successful PE:
Options: As Logged-In User, Low, Medium, High, N/A, Other
Exploit Type:
Select All That Apply: Remote Code Execution, Privilege Escalation, Font-Based, Sandbox Escape, Information Disclosure, Code Signing Bypass, Persistency, Other
Delivery Method:
Via Web Page, Via File, Via Network Protocol, Local Privilege Escalation, Other
Bug Class:
Select One: Memory Corruption, Design/Logic Flaw, Input Validation Flaw, Misconfiguration, Information Disclosure, Cryptographic Bug, Denial of Service
Number of Bugs Exploited:
Exploitation Parameters:
Bypasses ASLR, DEP/W^X, Application Sandbox, SMEP/PXN, EMET, CFG, N/A
ROP Usage:
Number of Chains Included:
Is the ROP set complete?
Module ROP occurs from:
Does This Item Alert the Target User?
Explanation:
Exploration Time in Seconds:
Exploitation Time in Seconds:
Specific User Interactions Required?
Associated Caveats or Environmental Factors:
Compatibility with Arbitrary Payloads?
 Yes
 No
Readiness for Immediate Delivery?
 Yes
 No
Delivery Timeline:
Is This Exploit Weaponized?
 Yes
 No
Impact on Framework (Crashes, etc.):
Success Rate or Number of Attempts:
Support Continuation of Execution?
Description and Deliverables Documentation:
Testing Instructions:
Comments, Artifacts, Limitations, or Other Information: