Microsoft security software detects and removes this threat.

This threat is associated with an exploit kit called SweetOrange. It can exploit vulnerabilities in Java, specifically the vulnerability discussed in CVE-2013-0422.

Find out ways that malware can get on your PC.  

What to do now

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find hidden malware.

Update Java

Make sure you install all available Java updates. You can read more about this vulnerability and download software updates from these links:

You should remove older versions of Java, as keeping old and unsupported versions of Java on your PC is a serious security risk:

If you continue to get alerted about this threat, deleting your temporary Java files can help:

It's also important to keep your other software up to date:

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

This threat is a detection for a JScript component associated with the exploit kit called SweetOrange. Similar to any other exploit kit, such as Blacole, it first determines information about your browser. This includes the browser you use (for example, Internet Explorer or Mozilla Firefox), its version, and what plug-ins are installed.

SweetOrange can exploit vulnerabilities in Java, specifically the vulnerability discussed in CVE-2013-0422.

It usually comes bundled with another file detected as Exploit:Java/CVE-2013-0422.

Analysis by Methusela Cebrian Ferrer


Alerts from your security software may be the only symptom.


Alert level: Severe
First detected by definition:
Latest detected by definition: and higher
First detected on: Apr 17, 2014
This entry was first published on: Mar 24, 2014
This entry was updated on: Dec 29, 2014

This threat is also detected as:
  • SweetOrange (other)