Skip to main content
Skip to main content
Microsoft Security Intelligence
500 entries found. Displaying page 1 of 25.
Updated on Apr 11, 2011
Trojan:JS/Proxas.A is a detection for JavaScript-enabled objects that exhibit malware behavior. Malicious Web sites and PDF documents may contain such JavaScript code that attempts to execute code without the user's knowledge. An example of other malware that may execute this JavaScript is Exploit:Win32/Pdfjsc.D.
Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/CVE-2008-0015 is the detection for code that attempts to exploit a vulnerability in the Microsoft Video ActiveX Control. This vulnerability is discussed in detail in Microsoft Security Advisory (972890). When a user visits a Web page containing an exploit detected as Exploit:JS/CVE-2008-0015, it may connect to a remote server and download other malware. Currently, we are aware of cases where exploits download and execute Worm:Win32/Dogkild.A on the system.
Alert level: severe
Updated on Oct 04, 2012

Exploit:JS/Sakra.A is file that is part of the Sakura exploit kit. This kit is used to infect your computer with different malware. It acts as a malware distributing platform by compromising websites; if you visit those websites, your computer may become infected with malware. It exploits vulnerabilities in different software to maximize the possibility of infection.

Alert level: severe
Updated on Oct 21, 2012

Java/Blacole.GN is a detection for a component of the Blackhole exploit kit - a kit used by attackers to distribute malware. Attackers install the kit onto a server, and then when you visit the compromised server, the kit attempts to exploit various, multiple vulnerabilities on your computer in order to install malware. For example, if you browsed a compromised website containing the exploit pack using a vulnerable computer, malware could be downloaded and installed onto your computer.

Typically, the Blackhole exploit kit attempts to exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.

For more information on this exploit kit, and steps you can take to avoid being compromised, please see the detailed Blacole description, elsewhere in our encyclopedia.

Alert level: severe
Updated on Oct 30, 2012

Exploit:Java/CVE-2012-0507.ANG is a malicious Java applet that attempts to exploit a vulnerability (CVE-2012-0507) in the Java Runtime Environment (JRE) in order to download and install files of an attacker’s choice onto your computer.

If you visit a website containing the malicious code while using a vulnerable version of Java, the exploit is loaded. It then attempts to download and execute files from a remote host/URL; the files that are downloaded and executed could include additional malware.

The following versions of Java are vulnerable to this exploit:

  • JDK and JRE 7 Update 2 and earlier Java SE
  • JDK and JRE 6 Update 30 and earlier Java SE
  • JDK and JRE 5.0 Update 33 and earlier Java SE
  • SDK and JRE 1.4.2_35 and earlier Java SE
  • JavaFX 2.0.2 and earlier JavaFX
Alert level: severe
Updated on May 12, 2022
Alert level: severe
Updated on Nov 09, 2011

Exploit:Java/Blacole.D is a Java Class module that is included in a JAR file. It is part of the 'Blackhole' exploit kit, described in CVE-2010-0840.

Alert level: severe
Updated on Nov 17, 2011

Exploit:Java/Blacole.W is the detection for the Java class module included in "worms.jar" that is part of the "Blackhole" exploit pack. The file "worms.jar" is an applet that exploits the vulnerability in Java Runtime Environment described in CVE-2010-0840.

Alert level: severe
Updated on Dec 13, 2011

Exploit:Java/CVE-2011-3544.A is a malicious Java applet stored within a Java Archive (.JAR) file. It attempts to exploit a vulnerability in the Java Runtime Environment (JRE) component in Oracle JAVA SE JDK and JRE 7, 6 Update 27 and earlier. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to run arbitrary Java code outside of the "sandbox" environment.

More information about the vulnerability is available in the following articles:

Alert level: severe
Updated on Jan 06, 2012

Exploit:JS/Blacole.AD is a malicious JavaScript that attempts to exploit several vulnerabilities in Adobe Acrobat and Reader. If the exploit is successful in compromising a vulnerable host, it could result in downloading and executing other malware. Exploit:JS/Blacole.AD is a component of an exploit kit that is distributed as the "Blackhole exploit pack".

Alert level: severe
Updated on Jun 21, 2011

Exploit:SWF/CVE-2011-2110.A is a detection for specially-crafted Shockwave Flash (.SWF) files that attempt to exploit software vulnerabilities in Adobe Flash Player and Adobe Reader and Acrobat X.

Alert level: severe
Updated on Mar 22, 2017

Windows Defender detects and removes this threat.

This threat loads a malicious Adobe Flash object in your browser in order to download malware, including ransomware such as Ransom:Win32/Cerber.

You might be redirected to the web page that loads the object without your consent.

The malicious Adobe Flash object exploits the vulnerability described in CVE-2015-8651 and Adobe Security Bulletin APSB16-01.

Note that you might get an alert about this threat even if you're not using a vulnerable version of the application. This is because we detect when a website or file tries to use the vulnerability, even if it isn't successful.

Read more about how this threat is being used by cybercriminals in this blog post:

 

Alert level: severe
Updated on May 07, 2012
Exploit:Java/CVE-2012-0507.Q!dr is a malicious Java class component that, in combination with Exploit:Java/CVE-2012-0507.Q attempts to exploit a vulnerability in the Java Runtime Environment (JRE) in order to download and install files of an attacker's choice onto your computer. Versions up to and including version 7 update 2, version 6 update 30 and version 5 update 33 of the JRE are vulnerable to this exploit. The vulnerability is described further in CVE-2012-0507.
Alert level: severe
Updated on Jul 05, 2011

Exploit:Java/CVE-2010-0840.DJ is a detection for an obfuscated malicious Java class applet component that exploits the vulnerability described in CVE-2010-0840. Successful exploitation leads to remote code execution.

Alert level: severe
Updated on Aug 11, 2011

Exploit:HTML/IframeRef.V is a detection for specially-formed IFrame tags that point to remote websites containing malicious content, for example malicious JavaScript containing an exploit for a specific vulnerability.

Alert level: severe
Updated on Apr 11, 2011
Exploit:HTML/Bankfraud is generic detection for e-mail that contains malicious links or other characteristics indicative of a phishing attack.
Alert level: severe
Updated on Apr 11, 2011
Exploit:HTML/Meloits.A is an HTML exploit of a vulnerability found in Visual Studio 2005 which could allow an attacker to remotely execute arbitrary code on impacted systems. Details on this vulnerability can be found in Microsoft Security Advisory (927709) at  http://www.microsoft.com/technet/security/advisory/927709.mspx
Alert level: severe
Updated on Apr 11, 2011
Exploit:HTML/Repl.B is a malicious JavaScript program embedded inside HTML files which exploits a buffer overflow vulnerability in  RealPlay 10.5 and RealPlay 11 Beta.
Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/Mult.AF is a detection for code that exploits a certain vulnerability in Internet Explorer 7 in order to download and run arbitrary files.
 
Files detected as Exploit:JS/Mult.AF may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.AF is loaded, the vulnerability in Internet Explorer is exploited.
 
Microsoft strongly recommends that users refer to the workarounds specified in Microsoft Security Advisory (961051) immediately.
Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/Mult.AI is a detection for code that exploits a certain vulnerability in Internet Explorer 7 in order to download and run arbitrary files.
 
Files detected as Exploit:JS/Mult.AI may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.AI is loaded, the vulnerability in Internet Explorer is exploited.
 
Microsoft strongly recommends that users refer to the workarounds specified in Microsoft Security Advisory (961051) immediately.
Alert level: severe