
Exploit.Java.CVE-2009-3867.e

Detected Aug 27 2010 08:50 GMT
Released Aug 27 2010 17:30 GMT
Published Apr 04 2011 14:04 GMT


Technical Details

This exploit uses a vulnerability in Sun Microsystems Java (CVE-2009-3867). It is a Java class file. It is 3412 bytes in size.


Payload

This exploit is a Java applet. It is launched from an infected HTML page using the "<APPLET>" tag. The exploit includes a class file named "seopack", which exploits the vulnerability CVE-2009-3867. The vulnerable "MidiSystem.getSoundbank" function is called with a string parameter of a certain length. This causes a buffer overflow and launches the shellcode. The shellcode's byte sequence is built from data passed to the applet in the "sc" and "np" parameters of the "<APPLET>" tag.
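For defenders reviewing cached or proxied HTML, the delivery pattern described above can be checked with a short scanner. This is an added example, not Kaspersky Lab's detection logic: it assumes that an "<APPLET>" element carrying both an "sc" and an "np" parameter is worth flagging, and the sample page and its attribute values are constructed.

```python
from html.parser import HTMLParser

# Parameter names the description says carry the shellcode data.
# Matching on them is a heuristic assumed for this example, not a vendor signature.
SUSPECT_PARAMS = {"sc", "np"}


class AppletScanner(HTMLParser):
    """Collects each <applet> element with the <param> names nested inside it."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.applets = []   # one record per <applet> seen
        self._open = None   # record for the applet currently being parsed

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser already lowercases tag and attribute names
        if tag == "applet":
            self._open = {"code": attrs.get("code"), "archive": attrs.get("archive"),
                          "line": self.getpos()[0], "params": {}}
            self.applets.append(self._open)
        elif tag == "param" and self._open is not None:
            name = (attrs.get("name") or "").strip().lower()
            # Record only the value length; the value itself is opaque data.
            self._open["params"][name] = len(attrs.get("value") or "")

    def handle_endtag(self, tag):
        if tag == "applet":
            self._open = None


def find_suspect_applets(html):
    """Return the applets that carry every parameter in SUSPECT_PARAMS."""
    scanner = AppletScanner()
    scanner.feed(html)
    scanner.close()
    return [a for a in scanner.applets if SUSPECT_PARAMS.issubset(a["params"])]


# Constructed sample page: one unrelated applet, one matching the described pattern.
SAMPLE = """<html><body>
<applet code="Clock.class" width="100" height="40"><param name="tz" value="UTC"></applet>
<APPLET CODE="seopack.class">
<PARAM NAME="SC" VALUE="PLACEHOLDER_DATA"><PARAM NAME="np" VALUE="PLACEHOLDER_DATA">
</APPLET>
</body></html>"""

if __name__ == "__main__":
    for hit in find_suspect_applets(SAMPLE):
        print(f"line {hit['line']}: applet code={hit['code']} params={hit['params']}")
```

A hit is only a lead for triage: the parameter names are short and could appear in unrelated applets, so confirm against the class file itself.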


Removal instructions

If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:

  1. Update Sun Java JRE and JDK to the latest versions.
  2. Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).


MD5: 2A75DA33AA4DAB47776A3EFF4BD81F8E
SHA1: C7AA35095C62A30F00119F06A8925E4A5F1E80D2


Exploit

Exploits are programs that contain data or executable code which take advantage of one or more vulnerabilities in software running on a local or remote computer for clearly malicious purposes.

Often, malicious users employ an exploit to penetrate a victim computer in order to subsequently install malicious code (for example, to infect all visitors to a compromised website with a malicious program). Additionally, exploits are commonly used by Net-Worms in order to hack a victim computer without any action being required from the user.

Nuker programs are notable among exploits; such programs send specially crafted requests to local or remote computers, causing the system to crash.


Aliases

Exploit.Java.CVE-2009-3867.e (Kaspersky Lab) is also known as:

  • Mal/JavaKC-G (Sophos)
  • Exploit/ByteVerify (Panda)
  • Exploit:Java/CVE-2009-3867.HH (MS(OneCare))
  • Exploit.Java.115 (DrWeb)
  • Java:Agent-BY [Expl] (AVAST)
  • Exploit.Java.CVE-2009 (Ikarus)
  • Trojan.Gen (NAV)
  • NseCheckFile2() returned 0x00010018 (Norman)
  • Exploit.Java.CVE-2009-3867.e [AVP] (FSecure)
  • TROJ_JAVA.BJ (TrendMicro)