CVE-2001-1088 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	25.6%	–	–
2022-04-03	–	–	25.6%	–	–
2023-03-12	–	–	–	2.5%	–
2023-04-23	–	–	–	3.88%	–
2023-11-05	–	–	–	3.58%	–
2024-06-02	–	–	–	3.58%	–
2024-12-22	–	–	–	21.64%	–
2025-01-26	–	–	–	21.64%	–
2025-01-19	–	–	–	21.64%	–
2025-01-25	–	–	–	21.64%	–
2025-03-18	–	–	–	–	37.3%
2025-03-30	–	–	–	–	31.95%
2025-04-22	–	–	–	–	31.95%
2025-04-22	–	–	–	–	31.95,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	96%
2022-04-03	97%
2023-03-12	88%
2023-04-23	91%
2023-11-05	91%
2024-06-02	92%
2024-12-22	96%
2025-01-26	97%
2025-01-19	96%
2025-01-25	97%
2025-03-18	97%
2025-03-30	96%
2025-04-22	97%
2025-04-22	97%

source: https://www.securityfocus.com/bid/2823/info Outlook Express is the standard e-mail client that is shipped with Microsoft Windows 9x/ME/NT. The address book in Outlook Express is normally configured to make entries for all addresses that are replied to by the user of the mail client. An attacker may construct a message header that tricks Address Book into making an entry for an untrusted user under the guise of a trusted one. This is done by sending a message with a misleading "From:" field. When the message is replied to then Address Book will make an entry which actually replies to the attacker. Situation: 2 good users Target1 and Target2 with addresses target1@example.com and target2@example.com and one bad user Attacker, attacker@example.com. Imagine Attacker wants to get messages Target1 sends to Target2. Scenario: 1. Attacker composes message with headers: From: "target2@example.com" <attacker@example.com> Reply-To: "target2@example.com" <attacker@example.com> To: Target1 <target1@example.com> Subject: how to catch you on Friday? and sends it to target1@example.com 2. Target1 receives mail, which looks absolutely like mail received from target2@example.com and replies it. Reply will be received by Attacker. In this case new entry is created in address book pointing NAME "target2@example.com" to ADDRESS attacker@example.com. 3. Now, if while composing new message Target1 directly types e-mail address target2@example.com instead of Target2, Outlook will compose address as "target2@example.com" <attacker@example.com> and message will be received by Attacker.