How much is a 0-day vulnerability worth?
ZDnet has this article today of an ebay auction for information on a Microsoft Excel vulnerability that the auction-seller had notified Microsoft of.
An online auction of a “brand new vulnerability” in Microsoft Excel had reached about $60 when eBay pulled the item late Thursday.
A seller using the name “fearwall” started the auction Wednesday evening at 1 cent. It was up to $56 on Thursday afternoon with 21 bids placed, and eBay quashed the auction soon after that.
It’s not terribly shocking when you realize that there are places online that people bid for access to thousands of zombied *(viral infected) pc’s for mere dollars for a few thousand. I wouldn’t be surprised if the same thing has been sold in places less public than ebay.