Exploit:SWF/CVE-2011-0611.A

Exploit:SWF/CVE-2011-0611.A is a detection for specially crafted malicious code within a Shockwave Flash (SWF) file. The malicious code attempts to exploit a vulnerability in Adobe Flash Player that could lead to the execution of arbitrary code. The vulnerability is described in CVE-2011-0611 and Adobe Security Advisory APSA11-02.

Installation

In the wild, this exploit was observed to be distributed in a spammed email message as an attached file named "Disentangling Industrial Policy and Competition Policy in China.doc". The attached file is a Microsoft Word document containing an embedded copy of the exploit.

Upon opening the Word document on a vulnerable system, the SWF file will be run. The embedded SWF drops a trojan, detected as Backdoor:Win32/Poison.M, as the following file:

%temp%\scvhost.exe

The dropped malware is executed.

Additional Information

For more information about Backdoor:Win32/Poison.M, see the description elsewhere in the encyclopedia.

Analysis by Jaime Wong