Exploit:Java/CVE-2009-3867 is the detection for a malicious Java applet that exploits the vulnerability described in CVE-2009-3867. The vulnerability is due to an error in the implementation of the HsbParser.getSoundBank function that can be exploited to result in a stack-based buffer overflow.

Exploit:Win32/Wordrp is the detection for files that attempt to exploit vulnerabilities in several word processing software.

Exploit:JS/Pdfjsc.AA is a detection for a specifically obfuscated JavaScript that targets software vulnerabilities in Adobe Acrobat and Adobe Reader. It attempts to exploit a buffer overflow vulnerability also known as CVE-2007-5659.

Exploit:JS/Pdfjsc.GO is a detection for specially-crafted PDF files that attempt to exploit software vulnerabilities in Adobe Acrobat and Adobe Reader. Once the malformed PDF files are opened by vulnerable versions of Adobe Acrobat and Reader, the embedded JavaScript is executed and loads the exploit.

Exploit:Win32/Owapwn.A exploits a vulnerability discussed in CVE-2010-3213 affecting Outlook Web Access 2007. This vulnerability was resolved in Outlook Web Access 2010, and Outlook Web Access 2007 Service Pack 3. 

Exploit:Win32/CVE-2010-3962.A is a detection for a specially-crafted HTML script that is designed to attempt to exploit the reported vulnerability described by Microsoft Security Advisory 2458511. The vulnerability affects Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8. By exploiting this vulnerability, an attacker may be able to execute arbitrary code on a vulnerable computer.

Exploit:Win32/Pidief.BN is a detection for specially-crafted PDF files that target a software vulnerability in Adobe Acrobat and Adobe Reader referenced by Common Vulnerabilities and Exposures (CVE) Identifier CVE-2010-0188. Successful exploitation of the vulnerability could result in the malware downloading and executing arbitrary files.

Exploit:Java/CVE-2010-0840.BH is a detection for an obfuscated malicious Java class applet component that exploits the vulnerability described in CVE-2010-0840. Successful exploitation leads to arbitrary code execution.

Exploit:Win32/Shellcode.H is a detection for files that contain a malicious shellcode. These shellcodes may be found within data files, such as documents or spreadsheets (workbooks), in which a heapspray technique is used to exploit a vulnerability resulting in running the shellcode.

Exploit:Java/Midseq.A is a trojan exploit written in Java that exploits a vulnerability discussed in CVE-2010-0842. Successful exploitation could allow the execution of arbitrary code.

 

Exploit:Win32/CVE-2011-0096.A is a generic detection for specially-crafted HTML files that attempt to exploit the vulnerability described in the following pages:

 

Exploit:Java/CVE-2009-3869.O is a Java applet (file size: 2593 bytes) that attempts to execute a buffer overflow exploit that may allow the execution of an arbitrary code with escalated privileges. The applet exploits a buffer overflow which existed in processing malformed images or audio files and affects Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17.

Exploit:Java/CVE-2010-0842.A is a detection for Java malware that exploits a vulnerability discussed in CVE-2010-0842. Successful exploitation of the vulnerability could lead to the execution of arbitrary code.

Exploit:JS/Pdfjsc.PE is a detection for specially-crafted PDF files that attempt to exploit software vulnerabilities in Adobe Acrobat and Adobe Reader that could result in the execution of arbitrary code. The vulnerability is discussed in CVE-2010-0188, and mitigated by Adobe Security Bulletin APSB10-07 released February 2010.

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable when running on Windows:

• Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11

To check if you're running a vulnerable version of Java:

1. In Control Panel, double-click Programs.
2. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
3. On the General tab, click About to see which version of Java you have installed.

You may get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Exploit:Win32/Pdfjsc.AFU is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.

The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.

The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:

• Adobe Acrobat and Adobe Reader earlier than 8.2.1
• Adobe Acrobat and Adobe Reader earlier than 9.3.1

Install updates to prevent infection

This malware exploits known vulnerabilities.

You should always install the latest updates available from the software vendor to prevent reinfection from this threat, and possible infection from other threats.

Download updates for Adobe products from the following link:

• Updating Software

Exploit:Win32/Pdfjsc.ADF is the detection for specially-crafted PDF files that target software vulnerabilities in Adobe Acrobat and Adobe Reader. The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.