Often the terms threat, attack, and vulnerability are interchanged and misused. Each is defined here.
Definition of threat: the expressed potential for the occurrence of a harmful event such as an attack.
Definition of attack: an action taken against a target with the intention of doing harm.
Definition of vulnerability: a weakness that makes targets susceptible to an attack.
Excerpt from CISSP Guide to Security Essentials, chapter 10