Microsoft Security Intelligence
500 entries found. Displaying page 1 of 25.
Updated on Oct 16, 2013

Windows Defender Antivirus detects and removes this threat. 

This threat runs on your PC when you visit a hacked or malicious webpage and you are using a vulnerable or out-of-date version of Java, Adobe PDF Reader, or Flash Player.

It then installs other malware on your PC, including components of the "Blackhole" and "Cool" exploit kits. These exploits can download other malware onto your PC.

See our exploits page for more information about this type of threat.

 

Alert level: severe
Updated on Mar 05, 2012
Exploit:Java/CVE-2011-3544.AO is a malicious Java class that exploits a vulnerability in the Java Runtime Environment (JRE) component in Oracle Java that is discussed in CVE-2011-3544. The trojan is encountered when browsing to a compromised web page that hosts the trojan.
Alert level: severe
Updated on Mar 07, 2012

Exploit:Java/CVE-2011-3544.gen!A is a generic detection for a malicious Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in a Java Runtime Environment (JRE) component in Oracle Java SE JDK and JRE 7, and 6 update 27 and earlier. The vulnerability, discussed in CVE-2011-3544, allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to run arbitrary Java code outside of the "sandbox" environment.

Alert level: severe
Updated on Apr 10, 2012

Exploit:Win32/Pdfjsc.AAP is the detection for specially-crafted PDF files that target software vulnerabilities in Adobe Acrobat and Adobe Reader. The vulnerabilities, discussed in CVE-2010-0188, could allow a remote attacker to cause a denial of service or application crash or possibly execute arbitrary code.

Alert level: severe
Updated on Apr 02, 2014

Windows Defender detects and removes this threat.

This threat can infect your PC if it is running vulnerable software, including:

  • Adobe Flash Player version 10 update 3 and earlier, and version 11 update 5 and earlier.
  • Silverlight version 5 and earlier.

If your PC has vulnerable software this threat can download other malware, including Win32/Miuref.

You might get an alert about this threat even if you're not using vulnerable software. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Alert level: severe
Updated on Mar 07, 2021
Alert level: severe
Updated on May 17, 2010
Exploit:JS/Elecom.gen.B is a detection for shellcode used to exploit a vulnerability in Internet Explorer that may allow arbitrary code execution without a user's permission.
 
For more information on the vulnerability, please see the following advisories:
Alert level: severe
Updated on Jan 17, 2013

Exploit:Java/Blacole.AHN is a malicious Java applet that attempts to exploit vulnerabilities (CVE-2012-1723 and CVE-2012-0507) in the Java Runtime Environment (JRE) in order to download and install files of an attacker’s choice onto your computer.

If you visit a website containing the malicious code while using a vulnerable version of Java, the exploit is loaded. It then attempts to download and execute files from a remote host/URL; the files that are downloaded and executed could include additional malware.

The following versions of Java are vulnerable to this exploit:

  • JDK and JRE 7 Update 4 and earlier Java SE
  • JDK and JRE 6 Update 32 and earlier Java SE
  • JDK and JRE 5.0 Update 35 and earlier Java SE
  • SDK and JRE 1.4.2_37 and earlier Java SE
Alert level: severe
Updated on Oct 28, 2014

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

  • JRE for Sun JDK (Java Development Kit) and JRE 6 update 10 and earlier
  • JDK and JRE 5.0 update 16 and earlier
  • SDK (Software Development Kit) and JRE 1.4.2_18

To check if you're running a vulnerable version of Java:

  1. In Control Panel, double-click Programs.
  2. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
  3. On the General tab, click About to see which version of Java you have installed.
Alert level: severe
Updated on Jan 02, 2013

Exploit:Win32/Pdfjsc.AEW is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.

The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.

The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:

  • Adobe Acrobat and Adobe Reader earlier than 8.2.1
  • Adobe Acrobat and Adobe Reader earlier than 9.3.1
Install updates to prevent infection

This malware exploits known vulnerabilities.

You should always install the latest updates available from the software vendor to prevent reinfection from this threat, and possible infection from other threats.

Download updates for Adobe products from the following link:

Alert level: severe
Updated on Apr 11, 2011
Exploit:JS/ShellCode.J is a generic detection for JavaScript objects that construct shellcode. These scripts may be embedded within other document files, such as specially crafted PDF files.
 
This detection also includes malicious JavaScript that attempts to exploit an uninitialized memory corruption vulnerability (CVE-2010-0806) that allows the execution of arbitrary code. Microsoft released Microsoft Security Bulletin MS10-018 to mitigate this vulnerability.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Win32/Pdfjsc.FM is the detection for a specially crafted PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader. This file only successfully exploits computers that are affected by the Adobe Acrobat and Adobe Reader vulnerability discussed in CVE-2009-1492.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Win32/CVE-2010-1885.gen is a generic detection for a cross-site scripting method that exploits a vulnerability (CVE-2010-1885) in Windows Help and Support Center that could allow an attacker to run arbitrary code on the local computer.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Win32/CVE-2010-0817 is the detection for a file that may try to exploit a cross-site scripting (XSS) vulnerability in the file "help.aspx" in Microsoft SharePoint Server 2007.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Java/CVE-2008-5353.EQ is based on a vulnerability which affects Java Virtual Machine (JVM) up to and including version 6 update 10. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sand box" environment.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Win32/CVE-2010-2883.A is a generic detection for specially-crafted PDF files that attempt to exploit the Acrobat SING Table Handling vulnerability CVE-2010-2883. Successful exploitation may lead to denial of service or execution of arbitrary code.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Win32/Owapwn.B exploits a vulnerability discussed in CVE-2010-3213 affecting Outlook Web Access 2007. This vulnerability was resolved in Outlook Web Access 2010, and Outlook Web Access 2007 Service Pack 3. 
Alert level: severe
Updated on Apr 11, 2011
Exploit:Java/CVE-2008-5353.QZ is a detection for an exploit that is based on a vulnerability which affects Java Virtual Machine (JVM) version 5 up to and including update 22, as well as version 6 up to and including update 10. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sand box" environment.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Java/CVE-2008-5353.SV is a detection for an exploit that is based on a vulnerability which affects Java Virtual Machine (JVM) version 5 up to and including update 22, as well as version 6 up to and including update 10. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system, outside its "sand box" environment.
Alert level: severe
Updated on Apr 11, 2011
Exploit:Python/KViw is the detection for a Python script that exploits a vulnerability in WellinTech KingView software v6.53 used in certain SCADA HMI systems. The vulnerability can be exploited remotely by using a heap overflow in the HistorySrv process, which runs on TCP port 777.
Alert level: severe