Exploit:SWF/CVE-2011-0609 threat description - Microsoft Security Intelligence

Threat behavior

Exploit:SWF/CVE-2011-0609 is a detection for specially crafted Adobe Shockwave flash (.SWF) files that attempt to exploit vulnerabilities in Adobe Flash discussed in CVE-2011-0609 and Adobe Security Advisory APSA11-01.

In the wild, this exploit has been observed to be decrypted and loaded at runtime by flash files detected as Exploit:Win32/Shellcode.G or Exploit:Win32/Shellcode.H. The embedded shellcode, once executed, will drop and execute an executable as its main payload. At the time of this writing, the payload drops and executes malware detected as Backdoor:Win32/Poison.M.

Additional Information

Exploit:Win32/Shellcode.G and Exploit:Win32/Shellcode.H were found embedded within Microsoft Excel and Word data files and distributed as an attachment detected as Trojan:Win32/Malfws.A or Trojan:Win32/Malfws.B.

Analysis by Marian Radu

Prevention

Take these steps to help prevent infection on your computer.

Exploit:SWF/CVE-2011-0609

Summary

What to do now

Technical information

Threat behavior

Additional Information

Prevention

Symptoms