We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Exploit:Win32/CVE-2011-0104
Aliases: Exploit.MSExcel.Agent.f (Kaspersky) sploitscan/Shellcode.B (Norman) EXP/Excel.B (Avira) X97M/Exploit.Agent.F trojan (ESET) MSExcel/Hlinic.A!exploit (Fortinet) Exploit.MSExcel.Agent (Ikarus) Exploit-MSExcel.b.demo (McAfee) Hack.Exploit.Agent.bu (Rising AV) Trojan.Hlinic (Symantec) HEUR_OLEXP.B (Trend Micro)
Summary
Windows Defender detects and removes this threat.
Exploit:Win32/CVE-2011-0104 is a malicious Microsoft Office file that exploits the vulnerability described in CVE-2011-0104, and resolved with the release of Microsoft Security Bulletin MS11-021.
This file might arrive as an attachment to a spammed email, and might use social engineering techniques (like a legitimate-sounding file name) to get you to open it.
The following free Microsoft software detects and removes this threat:
- Microsoft Security Essentials or, for Windows 8, Windows Defender
- Microsoft Safety Scanner
Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.
You can also visit the Microsoft virus and malware community for more help.
Update Microsoft Office
This threat exploits a vulnerability in Microsoft software. Run Microsoft Update to make sure your software is up to date and your PC is no longer affected by this vulnerability.
