Microsoft security software detects and removes this threat.

This threat can infect your PC if it is running vulnerable software, including:

  • Adobe Flash Player version 10 update 3 and earlier, and version 11 update 5 and earlier.
  • Silverlight version 5 and earlier.

If your PC has vulnerable software this threat can download other malware, including Win32/Miuref.

You might get an alert about this threat even if you're not using a vulnerable software. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

Find out ways that malware can get on your PC.  

What to do now

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find hidden malware.

Update Java

Make sure you install all available Java updates.

You should remove older versions of Java, as keeping old and unsupported versions of Java on your PC is a serious security risk:

If you continue to get alerted about this threat, deleting your temporary Java files can help:

It's also important to keep your other software up to date:

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

Exploit:JS/Fiexp.C is a detection for the landing page of the exploit kit known as Fiesta. The landing page can be hosted in the following servers:


We have seen it exploit these vulnerabilities:

  • CVE-2013-0634 (Adobe Flash Player version 10 update 3 and earlier, and version 11 update 5)
  • CVE-2013-0074 (Silverlight version 5 and earlier)

If successful, this threat can download and run other malware, including Win32/Miuref.

Analysis by Vladimir Zubko


Alerts from your security software may be the only symptom.


Alert level: Severe
First detected by definition: 1.165.3994.0
Latest detected by definition: 1.173.2137.0 and higher
First detected on: Feb 13, 2014
This entry was first published on: Mar 06, 2014
This entry was updated on: Dec 29, 2014

This threat is also detected as:
  • JS/Crypted.EY! (Command)
  • Mal/ExpJS-S (Sophos)
  • Fiesta exploit kit (other)