Exploit:Java/CVE-2010-3552.A is a detection for HTML code that uses a certain Java plug-in to exploit a vulnerability in Java described in CVE-2010-3552, otherwise known as the Java Skyline exploit. Successful exploitation leads to remote code execution.
When a user visits a website that contains this malicious Java class, Exploit:Java/CVE-2010-3552.A, from a system running a vulnerable version of Sun Java, security checks may be bypassed, which allows arbitrary code execution.
When the exploitation is successful, Exploit:Java/CVE-2010-3552.A attempts to download and execute a file, often a malicious program, from a specified URL.
We observed it using the following URL to download a binary file via HTTP and execute it as "test.exe":
Note: This URL has been modified, even though the site was unavailable at the time of writing.
Analysis by Jonathan San Jose
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.