Image

-
Automated Exploit: A graphical application that includes an installer, or no human interaction required, e.g. a network worm.
-
Easy: A non-UNIX binary application, typically containing an installation script, batch file, or other simple installation mechanism. A binary is a pre-compiled exploit that does not require specific operating system or networking knowledge.
-
Moderate: A non-Windows binary application, typically a binary containing an installation script, batch file, or other simple installation mechanism. A binary is a pre-compiled exploit that does require operating system or networking knowledge.
-
Difficult: A non-Windows shell, Perl, or interpreted script program that requires limited knowledge of operating systems, shell code, interpreters, or networking.
-
Extremely Difficult: An un-compiled set of source files, typically compressed in some way that requires specific knowledge of operating systems, compilers, and advanced system experience.
-
No Known Exploit: Typically, this category describes an exploit or that has been referenced in a public forum or advisory and does not include source code, an exploit script, or a reference to predefined exploit source.
-
Automated Exploit: An exploit is available in an exploit kit, exploit framework, or malware (e.g. Worm).
-
Easy: Fully functional exploit code is available, likely in an exploit repository.
-
Moderate: Exploit Code is available but may not be fully functional.
-
Difficult: A proof of concept is available.
-
Extremely Difficult: Minimal details are available — perhaps a technical write-up with no proof of concept.
-
No Known Exploit: No exploits are available.