The exploit malware family

Exploits take advantage of weaknesses or “vulnerabilities” in common software, such as Java and Adobe Flash.

A vulnerability is like a hole in your software that malware can use to get onto your PC. Malware can use these vulnerabilities to exploit the way the software works and further infect your PC.

Some of the worst exploits allow attackers to run malicious code on your PC without your knowledge.

We categorize exploits in our encyclopedia by the "platform" they target. For example, Exploit:Java/CVE-2013-1489.A is an exploit that targets a vulnerability in Java.


The best prevention for exploits is to keep all of your software up-to-date.

See our Updating software help page for information on how to keep your software updated, and what you can do to reduce the risk of malware infection your PC.

How exploit attacks work with other malware

Often, an exploit detection on your PC is just one piece of a much larger attack. Malicious hackers can use a large number of exploits to infect your PC with as much malware as they can. Attackers might use an exploit kit to find vulnerabilities on your PC, which they can then try to exploit.

If your security software detects an exploit in your Javacache, it’s likely that an attempt to compromise your PC has been made.

We might alert you about an exploit when you visit a website that contains malicious exploit code even if you aren't using any vulnerable software. This means that the website tried to infect your PC, it doesn't mean it was successful.

If you ever get alerts about exploits, make sure you run a full scan, just to be on the safe side.

What are exploit kits?

Exploit kits are tools that check your PC for software vulnerabilities that they can then try to exploit. They usually use a variety of exploits to attack your PC.

Prevalent exploit kits include:

These kits can use exploits targeting a variety of software, including Adobe Flash Player, Adobe Reader, Internet Explorer, Oracle Java and Sun Java.

The infographic below shows how an exploit kit might attempt to exploit your PC when you visit a compromised webpage:

Exploit kit compromise

How exploits are distributed

The most common method used by attackers to distribute exploits and exploit kits is through webpages, but exploits can also arrive in emails.

Some legitimate websites unknowingly and unwillingly host malicious code and exploits in their ads.

How we name exploits

A project called "Common Vulnerabilities and Exposures (CVE)" is used by many security software vendors. The project gives each vulnerability a unique number, for example, CVE-2013-0422.

The portion "2013" refers to the year the vulnerability was discovered. The "0422" is a unique ID for this specific vulnerability.

You can read more on the CVE website.