Java/CVE-2011-3544
Exploit:Java/CVE-2011-3544 is a family of malicious Java applets that attempt to exploit a vulnerability in the Java Runtime Environment (JRE) in order to download and install files of an attacker's choice onto your computer.
If you visit a website containing the malicious code while using a vulnerable version of Java, Exploit:Java/CVE-2011-3544 is loaded. It then attempts to download and execute files from a remote host/URL; the files that are downloaded and executed could include additional malware.
Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier are all vulnerable to this exploit.
JS/Anogre
Microsoft security software detects and removes this family of threats.
This malware family looks for vulnerabilities in the following software:
- Java Development Kit and Java Runtime Environment
- Adobe Flash Player
- Microsoft True Type Font
If a vulnerability is found, the malware can then download other malware onto your PC.
You can be redirected to a malicious or compromised website that hosts this threat as you browse the Internet or when you click a link in a spam email.
Our exploits page explains more about this type of threat.
Exploit:Win32/CVE-2011-3402
Exploit:Win32/CVE-2011-3402 is a detection for malicious code that attempts to exploit a vulnerability in the Win32 TrueType font parsing engine in the Microsoft Windows component "Win32k.sys". An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Exploit:SWF/CVE-2011-2140.A
Exploit:SWF/CVE-2011-2140.A is the detection for specially crafted Adobe Shockwave Flash (SWF) files that exploit the vulnerability described in the following articles:
It attempts to play a movie file. As of this writing, the movie file is unavailable.
Exploit:Win32/CVE-2011-0104
Windows Defender detects and removes this threat.
Exploit:Win32/CVE-2011-0104 is a malicious Microsoft Office file that exploits the vulnerability described in CVE-2011-0104, and resolved with the release of Microsoft Security Bulletin MS11-021.
This file might arrive as an attachment to a spammed email, and might use social engineering techniques (like a legitimate-sounding file name) to get you to open it.
Exploit:Win32/CVE-2011-1252.A
Exploit:Win32/CVE-2011-1252.A is the detection for malware that exploits a vulnerability in Internet Explorer. It may arrive on the computer via a specially crafted email message. It downloads files from a certain server.
Exploit:Win32/CVE-2011-0976
Exploit:Win32/CVE-2011-0976 is a detection of a malformed Microsoft PowerPoint data file that contains a file structure that attempts to exploit a vulnerability mentioned in CVE-2011-0976. Successful exploitation of the vulnerability could lead to the execution of arbitrary code. The vulnerability is mitigated by Microsoft Security Bulletin MS11-022, released April 2011.
Exploit:Win32/CVE-2011-0980
Exploit:Win32/CVE-2011-0980 is the generic detection for specially crafted Microsoft Excel files that exploit a vulnerability discussed in CVE-2011-0980 and resolved with the release of Microsoft Security Bulletin MS11-021.
Exploit:Java/CVE-2011-3544.O
Exploit:Java/CVE-2011-3544.O is a malicious Java applet stored within a Java Archive (.JAR) file. It attempts to exploit a vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to run arbitrary Java code outside of the "sandbox" environment.
More information about the vulnerability is available in the following articles:
Exploit:Java/CVE-2011-3544.N
Exploit:Java/CVE-2011-3544.N is a malicious Java applet stored within a Java Archive (.JAR) file. It attempts to exploit a vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to run arbitrary Java code outside of the "sandbox" environment.
Exploit:AndroidOS/CVE-2011-3874
Windows Defender detects and removes this threat.
It tries to exploit a vulnerability in Android devices to gain access and control of the device.
This is often done by someone wanting to install special apps on their device.
Exploit:Win32/CVE-2011-2462
Exploit:Win32/CVE-2011-2462 is a detection of a malformed PDF file that contains a file structure that attempts to exploit a vulnerability mentioned in CVE-2011-2462, and detailed further here: http://www.adobe.com/support/security/advisories/apsa11-04.html.
Exploit:Win32/CVE-2011-0094.A
Exploit:Win32/CVE-2011-0094.A is the detection for JavaScript that attempts to exploit a vulnerability in Internet Explorer.
Exploit:JS/CVE-2011-1345
Exploit:JS/CVE-2011-1345 is a detection for an exploit based on the vulnerability described in CVE-2011-1345 and resolved with the release of Microsoft Security Bulletin MS11-018. The vulnerability affects Internet Explorer (IE) versions 6, 7 and 8. Internet Explorer 9 is not affected. Successful exploitation of the vulnerability can lead to execution of arbitrary code on an affected computer within the current user's security context.
Exploit:Win32/CVE-2011-0979
Exploit:Win32/CVE-2011-0979 is a detection for a malformed Microsoft Excel spreadsheet data file that contains a file structure that attempts to exploit a vulnerability mentioned in CVE-2011-0979. Successful exploitation of the vulnerability could lead to the execution of arbitrary code. The vulnerability is mitigated by Microsoft Security Bulletin MS11-021, released April 2011.
Exploit:SWF/CVE-2011-2110.A
Exploit:SWF/CVE-2011-2110.A is a detection for specially-crafted Shockwave Flash (.SWF) files that attempt to exploit software vulnerabilities in Adobe Flash Player and Adobe Reader and Acrobat X.
Exploit:Java/CVE-2011-3544.BU
Exploit:Java/CVE-2011-3544.BU is a detection for an obfuscated Java applet stored within a Java Archive (.JAR) file that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. The vulnerability, discussed in CVE-2011-3544, allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to run arbitrary Java code outside of the "sandbox" environment.