
Exploit:Java/CVE-2011-3544.A


First posted on 04 August 2019.
Source: Microsoft

Aliases :

There are no other names known for Exploit:Java/CVE-2011-3544.A.

Explanation :

Exploit:Java/CVE-2011-3544.A is a malicious Java applet stored within a Java Archive (.JAR) file. It attempts to exploit a vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially obtain unrestricted access to run arbitrary Java code outside of the "sandbox" environment.

More information about the vulnerability is available in the following articles:

- CVE-2011-3544
- Oracle Java SE Critical Patch Update Advisory - October 2011

Installation

Exploit:Java/CVE-2011-3544.A is distributed using the Java Archive (JAR) file format. The JAR file contains the classes necessary to execute the exploit code, which is implemented as a Java applet. The exploit takes advantage of the way Java handles Rhino JavaScript errors: a remote attacker may craft an error object in JavaScript that reaches privileged (protected) code, enabling the malicious payload to run in a privileged context.

The JAR package may consist of the following class files:

- [file name varies].class - the malicious class, detected as Exploit:Java/CVE-2011-3544.A
- z.class - a legitimate class from Allatori, a Java obfuscator

where the malicious class file name may be, but is not limited to, any of the following:

- applet.class
- av34v.class
- market.class
- v1.class

Payload

Downloads arbitrary files

Any browser in which Exploit:Java/CVE-2011-3544.A runs may potentially be used to download arbitrary files into the affected computer. In-the-wild scenarios entail a compromised browser connecting to certain hosts, which may include the following:

- 129.1.67.196
- 76.81.61
- cireet.ru
- crf3dyndns.org
- desiportal1.com
- dolls3.in
- ix69.com
- port3for8.in

and then downloading files that have been identified as malware that belongs to any of the following families:

- PWS:Win32/Zbot
- Backdoor:Win32/Simda
- Trojan:WinNT/Rootkit
- Trojan:Win32/FakeSysdef
- Trojan:Win32/Sirefef
- Worm:Win32/Cridex

Additional information

Exploit:Java/CVE-2011-3544.A has been observed to be distributed through the Blackhole exploit kit servers.
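The following is an added triage example, not Microsoft's tooling or any code from the threat itself. It inspects a JAR for the traits this entry describes (an unsigned applet carrying the class file names listed under Installation) and reads the class-file version of each entry; the sample JAR it builds is constructed inline, and the class bodies are stubs.

```python
"""Triage a JAR for traits matching the Exploit:Java/CVE-2011-3544.A description.
Added example: the sample JAR and its stub class bodies are constructed here."""
import io
import struct
import zipfile

# Class file names this entry lists for the malicious applet, plus the Allatori helper.
SUSPECT_CLASSES = {"applet.class", "av34v.class", "market.class", "v1.class", "z.class"}

def triage_jar(data: bytes) -> dict:
    """Return findings: whether the JAR carries signature files, its class entries,
    entries whose names match the listed files, and the highest class-file major
    version seen (JDK 6 = 50, JDK 7 = 51)."""
    findings = {"signed": False, "classes": [], "suspect": [], "max_major": 0}
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for info in jar.infolist():
            name = info.filename
            # A signed JAR ships META-INF/*.SF plus a *.RSA or *.DSA signature block.
            if name.startswith("META-INF/") and name.upper().endswith((".SF", ".RSA", ".DSA")):
                findings["signed"] = True
            if not name.endswith(".class"):
                continue
            findings["classes"].append(name)
            if name.rsplit("/", 1)[-1].lower() in SUSPECT_CLASSES:
                findings["suspect"].append(name)
            head = jar.read(name)[:8]
            # Class files start with the 0xCAFEBABE magic, then minor and major version.
            if len(head) == 8 and head[:4] == b"\xca\xfe\xba\xbe":
                _minor, major = struct.unpack(">HH", head[4:8])
                findings["max_major"] = max(findings["max_major"], major)
    # Unsigned applet plus the listed class names is the combination worth escalating.
    findings["unsigned_applet_risk"] = not findings["signed"] and bool(findings["suspect"])
    return findings

def build_sample_jar() -> bytes:
    """Constructed, unsigned JAR using two names from this entry; bodies are stubs."""
    stub = b"\xca\xfe\xba\xbe" + struct.pack(">HH", 0, 50)  # magic + class version 50
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("applet.class", stub)
        jar.writestr("z.class", stub)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_jar(build_sample_jar()))
```

Name matching alone is weak evidence, since the entry notes the class name varies; the unsigned-plus-suspect combination is a prompt for deeper inspection of the applet, not a verdict.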

Analysis by Methusela Cebrian Ferrer

Last update 04 August 2019
