The days are counted from the release of a fix. If something has been known for two years but a fix was released on 11th August, then it was a zero-day for the two years until 11th August and it's a "day-6" vulnerability today.
IIRC the term was introduced to contrast with day-1 attacks with exploits developed by reverse engineering patches on the day they are released and attempting to exploit systems in the gap until they get patched.