
Exploit:Win32/CVE-2012-4969.C


Exploit:Win32/CVE-2012-4969.C is an exploit for the vulnerability in Internet Explorer described in Microsoft Security Advisory 2757760. Successful exploitation leads to other malware being downloaded onto your computer.



What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:

We also recommend that you run the Fixit tool described in Microsoft Security Advisory 2757760.

Threat behavior

Exploit:Win32/CVE-2012-4969.C is an exploit for the Internet Explorer vulnerability described in Microsoft Security Advisory 2757760 and catalogued as CVE-2012-4969.

It is triggered when you visit a specially crafted webpage, for example one named "exploit.html". This page loads a SWF file, which is detected as Exploit:SWF/ShellCode.G.

If the SWF file loads, it tries to load another webpage, for example one named "protect.html". This page contains the actual exploit and is detected as Exploit:Win32/CVE-2012-4969.A. If the vulnerability is successfully exploited, Exploit:Win32/CVE-2012-4969.A downloads a file from the server at "62.152.104.149". The downloaded file is detected as Backdoor:Win32/Poison.BR.
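The infection chain above (landing page, then SWF, then a second page carrying the exploit, then a download from the payload server) is a sequence a defender can look for in web-proxy logs. The following Python script is an added example written for this entry, not Microsoft's own tooling: it parses a constructed proxy log format (timestamp, client IP, URL, HTTP status), groups requests per client, and flags any client whose requests match that four-stage order within a short time window. The sample log lines, the hostnames, the file names other than those quoted in the entry, and the 60-second window are all assumptions made for the example; only the server address 62.152.104.149 comes from the entry, and since it belongs to one analysed sample the check keys on request types for the first three stages rather than on the example file names.

```python
"""Flag the CVE-2012-4969 drive-by chain in proxy logs.

Added example for the encyclopedia entry above; not Microsoft code.
Log format, hosts, and sample lines are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Payload server named in the entry for the analysed sample.  Other
# campaigns use other servers, so treat this as one indicator, not the rule.
DOWNLOAD_SERVER = "62.152.104.149"

# Stage order described in the entry: landing page -> SWF -> exploit page
# -> download from the payload server.
STAGES = ("html", "swf", "html", "download")

# Constructed log format: "<iso-time> <client-ip> <url> <http-status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")

# Constructed sample: 10.0.0.5 follows the whole chain; 10.0.0.9 merely
# loads a Flash movie and a page, which must not be flagged.
SAMPLE_LOG = """\
2012-09-17T10:01:02 10.0.0.5 http://landing.example/exploit.html 200
2012-09-17T10:01:03 10.0.0.5 http://landing.example/stage.swf 200
2012-09-17T10:01:04 10.0.0.5 http://landing.example/protect.html 200
2012-09-17T10:01:06 10.0.0.5 http://62.152.104.149/update.bin 200
2012-09-17T10:02:00 10.0.0.9 http://cdn.example/player.swf 200
2012-09-17T10:02:01 10.0.0.9 http://cdn.example/index.html 200
"""


def parse_log(text):
    """Return a list of (timestamp, client, url, status) tuples."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the scan
        ts, client, url, status = m.groups()
        events.append((ts, client, url, int(status)))
    return events


def classify(url):
    """Map a URL to one of the chain stages, or 'other'."""
    parts = urlparse(url)
    host = parts.hostname or ""
    path = parts.path.lower()
    if host == DOWNLOAD_SERVER:
        return "download"
    if path.endswith(".swf"):
        return "swf"
    last = path.rsplit("/", 1)[-1]
    if path.endswith((".html", ".htm")) or "." not in last:
        return "html"  # page with no extension is treated as HTML
    return "other"


def find_chains(events, window=60):
    """Return [(client, [urls])] for each client whose successful requests
    match STAGES in order, with the chain completing within `window`
    seconds of its first request.  Unrelated requests in between are
    ignored; a chain that times out is restarted from the current event."""
    by_client = defaultdict(list)
    for ev in events:
        by_client[ev[1]].append(ev)

    hits = []
    for client, evs in by_client.items():
        evs.sort(key=lambda e: e[0])  # ISO timestamps sort lexically
        stage, matched, start = 0, [], None
        for ts, _, url, status in evs:
            if status != 200:
                continue  # only fetches that actually delivered content
            t = datetime.fromisoformat(ts)
            if start is not None and (t - start).total_seconds() > window:
                stage, matched, start = 0, [], None
            if classify(url) == STAGES[stage]:
                if stage == 0:
                    start = t
                matched.append(url)
                stage += 1
                if stage == len(STAGES):
                    hits.append((client, matched))
                    stage, matched, start = 0, [], None
    return hits


if __name__ == "__main__":
    for client, urls in find_chains(parse_log(SAMPLE_LOG)):
        print(f"{client}: possible CVE-2012-4969 chain")
        for u in urls:
            print("   ", u)
```

A hit from this script is a lead, not proof of exploitation: the page-SWF-page pattern also occurs on legitimate sites, which is why the final stage is tied to the payload server and the whole sequence is bounded by a time window. To hunt beyond the one sample in the entry, replace the single server check with a list of known payload hosts and treat a third-stage page immediately followed by an executable download as the signal.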

Analysis by Daniel Chipiristeanu


Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.


Prevention


Alert level: Severe
First detected by definition: 1.135.1427.0
Latest detected by definition: 1.137.74.0 and higher
First detected on: Sep 17, 2012
This entry was first published on: Sep 17, 2012
This entry was updated on: Sep 21, 2012

This threat is also detected as:
  • JS/Dufmoh (AhnLab)
  • Trojan-Downloader.HTML.SWFLoad.g (Kaspersky)
  • FlashLoad.A (Norman)
  • HTML/Flashload.A (Avira)
  • Trojan-Downloader.HTML.SWFLoad (Ikarus)
  • Exploit-IEexecCommand (McAfee)
  • Troj/SWFDL-G (Sophos)
  • HTML_EXPDROP.II (Trend Micro)