Exploit:Win32/CVE-2010-1885 is a detection for a cross-site scripting method that exploits a vulnerability in Windows Help and Support Center that could allow an attacker to run arbitrary code on the affected computer.

Exploit:Win32/CVE-2011-3402 is a detection for malicious code that attempts to exploit a vulnerability in the Win32 TrueType font parsing engine in the Microsoft Windows component "Win32k.sys". An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.