It is an attack against the security of a system that tries to exploit vulnerabilities on the software of the system when there are no patches yet, or when the vulnerability is not yet publicly known.