I must concur with Gadi. "0day" does not apply. How the vulnerability comes to light does matter. So far, all that has been exposed is "a vulnerability exists." If a PDF which exploits the vulnerability had circulated, then "0day" would apply. Active exploitation is the defining characteristic of "0day". Otherwise all vulnerabilities would be "0day" vulnerabilities. The term would be meaningless.
