http://hassassociates-online.com/articles/security-holes/
Vulnerabilities
The larger and more complex information systems are, the greater the possibility of error in logic and loopholes in algorithm.
These are weak points that could enable hackers to breach a system and compromise the integrity of information stored. Programmers themselves who are not yet adept in writing software code can unknowingly misuse the code and lead to a vulnerability.
A classic example of vulnerabilities that can be exploited is a weak password or its repeated use on various services or software. There are also websites containing malware that installs automatically once visited. Even legitimate software could be a venue for an exploit due to unknown errors (bugs) generated by the program. The end-user or the human element in information systems is arguably the weakest point that hackers easily utilize.
0-day exploits
0-hour or 0-day attack is the exploitation by outside parties of a security hole in a computer program which is unknown from its developers. The term comes from the premise that the attack unfolds on the “day 0, meaning no awareness as of yet from the developers so there is no opportunity and time to issue a fix for the threat. Zero-day exploits are usually shared among hackers even before the developer knew.
Programmers could use the vulnerabilities via several avenues: on web browsers and email. Web browsers allow for a wider target. Meanwhile, using email, hackers can send a message that includes an executable file on the attachments, set to run once downloaded.
Such 0-day threats are in the time frame where a security hole is exploited up to the time that the program developers issued a patch for it.
