Microsoft Security Intelligence
500 entries found. Displaying page 1 of 25.
Updated on Oct 16, 2013

Windows Defender Antivirus detects and removes this threat. 

This threat runs on your PC when you visit a hacked or malicious webpage and you are using a vulnerable or out-of-date version of Java, Adobe PDF Reader, or Flash Player.

It then installs other malware on your PC, including components of the "Blackhole" and "Cool" exploit kits. These exploits can download other malware onto your PC.

See our exploits page for more information about this type of threat.

 

Alert level: severe
Updated on Jul 12, 2011

Exploit:SWF/CVE-2011-0611.C is the detection for specially crafted Shockwave Flash (SWF) files that attempt to exploit a vulnerability in Adobe Flash Player that could lead to the execution of arbitrary code. The vulnerability is described in CVE-2011-0611 and Adobe Security Advisory APSA11-02.

Alert level: severe
Updated on May 31, 2016

Windows Defender detects and removes this threat.

This threat is a webpage that spreads the exploit kit known as Neutrino.

Your PC is at risk of infection if you visit this webpage and you have vulnerable software installed on your PC.

You might be redirected to the malicious webpage without your consent.

Alert level: severe
Updated on Jan 19, 2015

Windows Defender detects and removes this threat.

This threat uses a Microsoft vulnerability to download and run files on your PC, including other malware. It is also called the "MSCOMCTL.OCX RCE Vulnerability".

It runs if you visit a website, use an Office document or .rtf file (Word document), and have a vulnerable version of the following applications on your PC:

  • Microsoft Office 2003 SP3
  • Microsoft Office 2003 Web Components SP3
  • Microsoft Office 2007 SP2 and SP3
  • Microsoft Office 2010 Gold and SP1

It is most often distributed through emails.

You might get an alert about this threat even if you're not using a vulnerable version of the application. This is because we detect when a website or file tries to use the vulnerability, even if it isn't successful.

Alert level: severe
Updated on May 17, 2010
Exploit:JS/Elecom.gen.B is a detection for shellcode used to exploit a vulnerability in Internet Explorer that may allow arbitrary code execution without a user's permission.
 
For more information on the vulnerability, please see the following advisories:
Alert level: severe
Updated on Jan 17, 2013

Exploit:Java/Blacole.AHN is a malicious Java applet that attempts to exploit vulnerabilities (CVE-2012-1723 and CVE-2012-0507) in the Java Runtime Environment (JRE) in order to download and install files of an attacker’s choice onto your computer.

If you visit a website containing the malicious code while using a vulnerable version of Java, the exploit is loaded. It then attempts to download and execute files from a remote host/URL; the files that are downloaded and executed could include additional malware.

The following versions of Java are vulnerable to this exploit:

  • JDK and JRE 7 Update 4 and earlier Java SE
  • JDK and JRE 6 Update 32 and earlier Java SE
  • JDK and JRE 5.0 Update 35 and earlier Java SE
  • SDK and JRE 1.4.2_37 and earlier Java SE
Alert level: severe
Updated on Oct 28, 2014

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

  • JRE for Sun JDK (Java Development Kit) and JRE 6 update 10 and earlier
  • JDK and JRE 5.0 update 16 and earlier
  • SDK (Software Development Kit) and JRE 1.4.2_18

To check if you're running a vulnerable version of Java:

  1. In Control Panel, double-click Programs.
  2. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
  3. On the General tab, click About to see which version of Java you have installed.
Alert level: severe
Updated on Jan 31, 2012

Exploit:Win32/Pdfjsc.YZ is a specially crafted Portable Document Format (PDF) file that exploits a vulnerability in Adobe Acrobat and Adobe Reader discussed in the following articles:

When executed in a vulnerable version of Adobe Acrobat or Adobe Reader, it attempts to download a certain file. It has been found included in the Blackhole exploit kit.

Alert level: severe
Updated on May 09, 2012

Exploit:JS/Mult.AH is a malicious JavaScript that attempts to execute multiple instances of code to exploit a potentially vulnerable operating system environment. The malware could download arbitrary files and send details about the affected computer to a remote attacker.

Alert level: severe
Updated on May 09, 2012

JS/Blacole.CE is a detection for a component of the Blackhole exploit kit, a kit used by attackers to distribute malware. Attackers install the kit onto a server, and when you visit the compromised server, the kit attempts to exploit multiple vulnerabilities on your computer in order to install malware. For example, if you browsed a compromised website containing the exploit pack using a vulnerable computer, malware could be downloaded and installed onto your computer.

Typically, the Blackhole exploit kit attempts to exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.

For more information on this exploit kit, and steps you can take to avoid being compromised, please see the detailed Blacole description, elsewhere in our encyclopedia.

Alert level: severe
Updated on Apr 11, 2011
Exploit:HTML/CVE-2009-3672.A is a detection for specially crafted HTML script that is designed to attempt to exploit the vulnerability described by Microsoft Security Bulletin 977981.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Win32/Pdfjsc.CR is the detection for a malicious PDF file that exploits the vulnerability discussed in CVE-2007-5659. Upon execution, Exploit:Win32/Pdfjsc.CR runs a JavaScript that attempts to download and execute arbitrary files from remote servers.
Alert level: severe
Updated on Sep 10, 2011

Exploit:JS/Blacole.F is a malicious JavaScript file that executes a series of malicious code in an attempt to exploit computers that may be running vulnerable versions of certain software. If exploitation is successful, various malware may be downloaded.

Alert level: severe
Updated on Sep 22, 2011
Exploit:Java/CVE-2010-0840.BQ is a malicious Java applet trojan that exploits a vulnerability described in CVE-2010-0840. Successful exploitation may lead to the downloading and execution of arbitrary files under the user's security context.
Alert level: severe
Updated on Nov 21, 2011
Exploit:Java/Blacole.X is a malicious Java applet that exploits the vulnerability described in CVE-2010-0840. Successful exploitation may lead to remote code execution.
Alert level: severe
Updated on Dec 12, 2011

Exploit:Win32/Pdfjsc.YF is a specially crafted Portable Document Format (PDF) file that exploits a vulnerability in Adobe Acrobat and Adobe Reader discussed in the following articles:

It connects to certain servers to download and execute other files.

Alert level: severe
Updated on Nov 03, 2011

Exploit:SWF/Blacole.A is a detection for malicious code within specially crafted Adobe Shockwave Flash (.SWF) files. The malicious files are commonly distributed via an exploit kit, known as "Blackhole", within compromised webpages. The malware is capable of redirecting a web browser to another specified website and downloading and executing arbitrary files.

Alert level: severe
Updated on Mar 07, 2021
Alert level: severe
Updated on Nov 12, 2007
Exploit:HTML/AdoStream is a generic detection for malicious JavaScript or VBScript embedded inside HTML pages. These scripts take advantage of the ADODB.Stream functionality in ActiveX, combined with known security vulnerabilities in Microsoft Internet Explorer, in order to download and install other malware onto a computer.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Win32/CVE-2008-4841 is a detection for maliciously formed Microsoft Word documents intended to exploit a vulnerability in WordPad and the Desktop Search Indexing service on Windows XP versions prior to Service Pack 3.
 
Alert level: severe