Microsoft Security Intelligence
500 entries found. Displaying page 1 of 25.
Updated on Oct 16, 2013

Windows Defender Antivirus detects and removes this threat. 

This threat runs on your PC when you visit a hacked or malicious webpage and you are using a vulnerable or out-of-date version of Java, Adobe PDF Reader, or Flash Player.

It then installs other malware on your PC, including components of the "Blackhole" and "Cool" exploit kits. These exploits can download other malware onto your PC.

See our exploits page for more information about this type of threat.

 

Alert level: severe
Updated on Apr 02, 2014

Windows Defender detects and removes this threat.

This threat can infect your PC if it is running vulnerable software, including:

  • Adobe Flash Player version 10 update 3 and earlier, and version 11 update 5 and earlier.
  • Silverlight version 5 and earlier.

If your PC has vulnerable software, this threat can download other malware, including Win32/Miuref.

You might get an alert about this threat even if you're not using vulnerable software. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Alert level: severe
Updated on May 12, 2021
Alert level: severe
Updated on Nov 12, 2007
Exploit:HTML/AdoStream is a generic detection for malicious JavaScript or VBScript embedded inside HTML pages. These scripts take advantage of the ADODB.Stream functionality in ActiveX, combined with known security vulnerabilities in Microsoft Internet Explorer, in order to download and install other malware onto a computer.
Alert level: severe
Updated on Nov 21, 2011
Exploit:Java/Blacole.X is a malicious Java applet that exploits the vulnerability described in CVE-2010-0840. Successful exploitation may lead to remote code execution.
Alert level: severe
Updated on Dec 12, 2011

Exploit:Win32/Pdfjsc.YF is a specially crafted Portable Document Format (PDF) file that exploits a vulnerability in Adobe Acrobat and Adobe Reader discussed in the following articles:

It connects to certain servers to download and execute other files.

Alert level: severe
Updated on Sep 22, 2011
Exploit:Java/CVE-2010-0840.BQ is a malicious Java applet trojan that exploits a vulnerability described in CVE-2010-0840. Successful exploitation may lead to the downloading and execution of arbitrary files under the user's security context.
Alert level: severe
Updated on Mar 07, 2021
Alert level: severe
Updated on Nov 03, 2011

Exploit:SWF/Blacole.A is a detection for malicious code within specially crafted Adobe Shockwave Flash (.SWF) files. The malicious files are commonly distributed via an exploit kit, known as "Blackhole", within compromised webpages. The malware is capable of redirecting a web browser to another specified website and downloading and executing arbitrary files.

Alert level: severe
Updated on Sep 10, 2011

Exploit:JS/Blacole.F is a malicious JavaScript file that runs a series of malicious code in an attempt to exploit computers that may be running vulnerable versions of certain software. If exploitation is successful, various malware may be downloaded.

Alert level: severe
Updated on Apr 11, 2011
Exploit:Win32/CVE-2008-4841 is a detection for maliciously formed Microsoft Word documents intended to exploit a vulnerability in WordPad and the Desktop Search Indexing service on Windows XP versions prior to Service Pack 3.
 
Alert level: severe
Updated on Apr 11, 2011
Exploit:Win32/Pdfjsc.L is the detection for a specially crafted PDF file that exploits several vulnerabilities in Adobe Acrobat and Adobe Reader.
Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/Mult.AD is the detection for code that attempts to exploit particular vulnerabilities to download and execute arbitrary files. This code may be hosted on compromised or malicious Web sites, and called by other malicious scripts. The vulnerabilities may vary according to sample.
 
It is common for this detection to trigger on a user's Internet cache. This may indicate that the user has recently visited a Web site that has attempted to download and execute files on their computer.
Alert level: severe
Updated on Jan 24, 2017

Windows Defender detects and removes this threat.

It uses vulnerabilities in recent versions of Microsoft Silverlight, Adobe Flash Player, and Java to install malware on your PC. We have seen it try to install PWS:Win32/Zbot.

You might get this threat if you visit a malicious or hacked website, or by clicking a malicious link in an email.

To learn more about how this threat is being used by cybercriminals, read: Exploit kits remain a cybercrime staple against outdated software – 2016 threat landscape review series

Alert level: severe
Updated on Apr 11, 2011
Trojan:Win32/Clort.A!exploit is a trojan that exploits computers that have not applied Security Bulletin MS08-067.
Alert level: severe
Updated on Mar 05, 2012
Exploit:Java/CVE-2011-3544.AO is a malicious Java class that exploits a vulnerability in the Java Runtime Environment (JRE) component in Oracle Java that is discussed in CVE-2011-3544. The trojan is encountered when browsing to a compromised web page that hosts the trojan.
Alert level: severe
Updated on Mar 07, 2012

Exploit:Java/CVE-2011-3544.gen!A is a generic detection for a malicious Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE JDK and JRE 7, and 6 Update 27 and earlier. The vulnerability, discussed in CVE-2011-3544, allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to run arbitrary Java code outside of the "sandbox" environment.

Alert level: severe
Updated on Apr 10, 2012

Exploit:Win32/Pdfjsc.AAP is the detection for specially-crafted PDF files that target software vulnerabilities in Adobe Acrobat and Adobe Reader. The vulnerabilities, discussed in CVE-2010-0188, could allow a remote attacker to cause a denial of service or application crash or possibly execute arbitrary code.

Alert level: severe
Updated on Jan 02, 2013

Exploit:Win32/Pdfjsc.AEW is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.

The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.

The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:

  • Adobe Acrobat and Adobe Reader earlier than 8.2.1
  • Adobe Acrobat and Adobe Reader earlier than 9.3.1

Install updates to prevent infection

This malware exploits known vulnerabilities.

You should always install the latest updates available from the software vendor to prevent reinfection from this threat, and possible infection from other threats.

Download updates for Adobe products from the following link:

Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/ShellCode.J is a generic detection for JavaScript objects that construct shellcode. These scripts may be embedded within other document files, such as specially crafted .PDF files.
 
This detection also includes malicious JavaScript that attempts to exploit an uninitialized memory corruption vulnerability (CVE-2010-0806) that allows the execution of arbitrary code. Microsoft released Microsoft Security Bulletin MS10-018 to mitigate this vulnerability.
Alert level: severe