McAfee > Theat Center > Virus Detail Page

Overview

 -- Update March 31, 2009 ---

The McAfee DAT files have incorrectly identified clean .swf files as containing this exploit. This impacted Rosetta Stone language training software. This false detection was only seen with McAfee Antivirus products running the 5301 engine. McAfee DAT file version 5570 has resolved this false detection.

------

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

This is a detection on SWF files which attempt to exploit a known buffer overflow vulnerability in Adobe Flash Player 9.0.115.0 and earlier.

This vulnerability can be exploited remotely when a user visits a website hosting a malicious SWF file which contains arbitary code that are executed leading to the user's computer being compromised.

References:

• http://www.securityfocus.com/bid/28695/
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071

Symptoms

• Crashing of Adobe Flash player if the exploit fails

Method of Infection

• Opening a malicious SWF file

Removal

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

 -- Update March 31, 2009 ---

The McAfee DAT files have incorrectly identified clean .swf files as containing this exploit. This impacted Rosetta Stone language training software. This false detection was only seen with McAfee Antivirus products running the 5301 engine. McAfee DAT file version 5570 has resolved this false detection.

------

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

This is a detection on SWF files which attempt to exploit a known buffer overflow vulnerability in Adobe Flash Player 9.0.115.0 and earlier.

This vulnerability can be exploited remotely when a user visits a website hosting a malicious SWF file which contains arbitary code that are executed leading to the user's computer being compromised.

References:

• http://www.securityfocus.com/bid/28695/
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071

Symptoms

Symptoms -

• Crashing of Adobe Flash player if the exploit fails

Method of Infection

Method of Infection -

• Opening a malicious SWF file

Removal -

Removal -

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A