Win32/Exploit.CVE-2013-3906 [Threat Name] go to Threat

Win32/Exploit.CVE-2013-3906.A [Threat Variant Name]

Category trojan
Size 289006 B
Aliases Exploit.OLE2.CVE-2012-1856.b (Kaspersky)
  Exploit:Win32/CVE-2013-3906 (Microsoft)
Short description

Win32/Exploit.CVE-2013-3906.A is a trojan that installs Win32/TrojanDropper.Agent.QJB malware.


The trojan does not create any copies of itself.

The trojan creates the following file:

  • %temp%\­a.l (287232 B, Win32/TrojanDropper.Agent.QJB)

The file is then executed.

Other information

Win32/Exploit.CVE-2013-3906.A is a trojan which tries to download other malware from the Internet.

The trojan contains a URL address. The HTTP protocol is used.

It tries to download a file from the address.

The file is stored into the following folder:

  • %temp%

The file is then executed.

It exploits the CVE-2013-3906 vulnerability.

The following applications are vulnerable:

  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office 2007 Service Pack 3
  • Microsoft Office 2010 Service Pack 1 (32-bit editions)
  • Microsoft Office 2010 Service Pack 2 (32-bit editions)
  • Microsoft Office 2010 Service Pack 1 (64-bit editions)
  • Microsoft Office 2010 Service Pack 2 (64-bit editions)
  • Microsoft Office Compatibility Pack Service Pack 3
  • Microsoft Lync 2010 (32-bit)
  • Microsoft Lync 2010 (64-bit)
  • Microsoft Lync 2010 Attendee
  • Microsoft Lync 2013 (32-bit)
  • Microsoft Lync Basic 2013 (32-bit)
  • Microsoft Lync 2013 (64-bit)
  • Microsoft Lync Basic 2013 (64-bit)

Please enable Javascript to ensure correct displaying of this content and refresh this page.