Exploit:Java/CVE-2008-5353.I


Exploit:Java/CVE-2008-5353.I is a detection for malicious code that attempts to exploit a vulnerability in the Java Runtime Environment (JRE). The exploit may lead to the download and execution of arbitrary files on a computer on which a vulnerable version of the JRE is installed.


What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an up-to-date antivirus product such as the following:
 
 
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Update vulnerable applications
This threat exploits known vulnerabilities in the Java Runtime Environment. After removing this threat, make sure that you install the updates available from the vendor. You can read more about these vulnerabilities in Java applets, and find where to download the software update, at the following links:

Threat behavior

The vulnerability is described in CVE-2008-5353 and is related to deserializing calendar objects. It may allow an untrusted applet or application to escalate privileges.
 
Exploit:Java/CVE-2008-5353.I is capable of loading the following files, both of which are also detected as Exploit:Java/CVE-2008-5353.I:
 
  • Gmerrews.class
  • GMailer.class
 
Exploit:Java/CVE-2008-5353.I also has the capability to connect to certain URLs to download and execute arbitrary files.
 
Analysis by Francis Allan Tan Seng

Symptoms

System changes
The following system changes may indicate the presence of this malware:
  • The presence of the following files:
    • Gmerrews.class
    • GMailer.class

Prevention


Alert level: Severe
This entry was first published on: Jun 25, 2010
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • JS/Agent.BM (Norman)
  • Java/TrojanDownloader.Agent.NBA (ESET)
  • Exploit.Java.Agent (Ikarus)
  • Exploit-CVE2008-5353 (McAfee)
  • Troj/JavaDl-W (Sophos)
  • Exploit.Java.Agent.f (Kaspersky)
  • JAVA/Exploit.N (Norman)
  • EXP/Java.Agent.F.6 (Avira)
  • Java/Exploit.Agent.F (ESET)