Exploit:Java/CVE-2012-1723.A allows an attacker to gain access to and run arbitrary files on your computer.

Make sure you install all available updates from Java to avoid this exploit. For more information on updating Java please see the Additional information section in this entry.

Exploit:Java/CVE-2012-1723.A is the detection for malicious JavaScript code that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 7, update 4 (described in CVE-2012-1723). 

If this detection is reported then it is likely that your computer has been compromised beyond this single infection. Your antivirus solution may soon begin to report other malware detections as new malicious files are downloaded and executed on your computer.

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.

Exploit:Java/CVE-2012-1723.A allows an attacker to gain access to and run arbitrary files on your computer.

Make sure you install all available updates from Java to avoid this exploit. For more information on updating Java please see the Additional information section in this entry.

Exploit:Java/CVE-2012-1723.A is the detection for malicious JavaScript code that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 7, update 4 (described in CVE-2012-1723).

Installation

Exploit:Java/CVE-2012-1723.A may be loaded when you visit a webpage that hosts the malicious JavaScript code. Note, however, that a number of legitimate websites could be compromised or unwillingly host malicious code through advertising frames which could redirect to or host the malicious code.

Additionally, note that an attacker cannot force you or your browser to visit a malicious website. Instead, an attacker may try to convince you to visit their website, typically by getting you to click a link in an email, an instant messenger request, a Facebook wall post or through other social engineering techniques.

Payload

If you do visit a webpage which hosts Exploit:Java/CVE-2012-1723.A, the exploit attempts to trigger the vulnerability in the JRE.

This vulnerability allows malware download other malware onto your computer, which may allow the attacker access to your computer.

Additional information

Vulnerabilities in the JRE are rectified through the application of patches from the Java website.

Therefore, the best way to protect your computer from all Java vulnerabilities is to ensure that your version of Java is up-to-date. See the Java updates page for links to download the latest version for your operating system.

Analysis by Patrick Estavillo

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

• Microsoft Security Essentials
• Microsoft Safety Scanner

Update vulnerable Java applications

This threat exploits a known vulnerability in Java. After removing this threat, make sure that you install the updates available from the vendor. You can read more about this vulnerability in Java, as well as where to download the software update from the following links:

• CVE-2012-1723
• Java updates

It may be necessary to remove older versions of Java that are still present. Keeping old and unsupported versions of Java on your system presents a serious security risk. To read more about why you should remove older versions of Java, see the following information.

• Remove older versions of Java