Alert level: Severe
Detected with Windows Defender Antivirus
Also detected as: No associated aliases
Windows Defender detects and removes this threat.
This threat uses a Microsoft vulnerability to download and run files on your PC, including other malware. It is also called the "MSCOMCTL.OCX RCE Vulnerability".
It runs if you visit a website or open an Office document or .rtf file (Word document) that uses the vulnerability, and you have a vulnerable version of one of the following applications on your PC:
- Microsoft Office 2003 SP3
- Microsoft Office 2003 Web Components SP3
- Microsoft Office 2007 SP2 and SP3
- Microsoft Office 2010 Gold and SP1
It is most often distributed through emails.
You might get an alert about this threat even if you're not using a vulnerable version of the application. This is because we detect when a website or file tries to use the vulnerability, even if it isn't successful.