HTML_EXPLOYT.AE

Posted: July 4, 2012

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	8/10
Infected PCs:	9

First Seen:	July 4, 2012
Last Seen:	October 3, 2021
OS(es) Affected:	Windows

HTML_EXPLOYT.AE is a web page-based PC threat that exploits a recently-uncovered (and, as of the time of this writing, still unpatched) vulnerability in Internet Explorer, CVE-2012-1889. In theory, this exploit can be used to install other PC threats. However, current versions of HTML_EXPLOYT.AE include flaws that fail to bypass Microsoft's default security, which causes Internet Explorer to crash instead of being exploited to attack your computer. In spite of this, SpywareRemove.com malware researchers still recommend that you avoid any potential contact with HTML_EXPLOYT.AE, since HTML_EXPLOYT.AE may be updated for full (and non-crash-inducing) functionality later on – especially since there are already other PC threats in the wild that are capable of using CVE-2012-1889 to full effect.

HTML_EXPLOYT.AE: Halfway to Your PC Through IE... and Then Stopping

HTML_EXPLOYT.AE doesn't have an explicit means of propagation or marketing itself, but HTML_EXPLOYT.AE can be found in spam e-mail links, browser redirect attacks or malicious sites that inflate their search engine rankings. The HTML_EXPLOYT.AE website exploit can only function in Internet Explorer, as the vulnerability that HTML_EXPLOYT.AE targets is built-in to Microsoft's XML Core Services and is inapplicable to other brands of web browsers.

SpywareRemove.com malware researchers have noted that the key trait of HTML_EXPLOYT.AE is that its half-baked attempt at bypassing Microsoft's own security: unlike similar PC threats (such as Sus/20121889-A or Exp/20121889-A), HTML_EXPLOYT.AE doesn't include any means of bypassing the DEP or Data Execution Prevention feature. In practical terms, what this means for victims of HTML_EXPLOYT.AE is that Internet Explorer will crash as soon as a web page that hosts HTML_EXPLOYT.AE is loaded. However, other PC threats that are designed to make up for HTML_EXPLOYT.AE's failings are perfectly capable of using this exploit to run malicious code on your PC without your consent.

Keeping This Browser-Crashing Bug Off Your Browser

Since HTML_EXPLOYT.AE may receive updates in the future that allow HTML_EXPLOYT.AE to complete HTML_EXPLOYT.AE attacks successfully, SpywareRemove.com malware researchers recommend that you avoid potential attack routes for HTML_EXPLOYT.AE. These routes can include links that are embedded in e-mail or instant-messaging spam, disreputable sites that have been confirmed to have poor reputations on the web and sites that are promoted by browser-redirecting PC threats. However, HTML_EXPLOYT.AE attacks that cause observable Internet Explorer crashes aren't likely to result in an infection, although the same web page may also use other attacks besides HTML_EXPLOYT.AE.

Like the CVE-2012-1889 exploit that HTML_EXPLOYT.AE halfheartedly abuses, HTML_EXPLOYT.AE is a recently-identified PC threat. Anti-malware software has the best chance of protecting your PC from HTML_EXPLOYT.AE if you keep all threat databases updated. In cases where you're using competent web security programs with updated threat definitions, SpywareRemove.com malware analysts note that HTML_EXPLOYT.AE should be blocked before HTML_EXPLOYT.AE ever loads in IE in the first place.

HTML_EXPLOYT.AE

Threat Metric

HTML_EXPLOYT.AE: Halfway to Your PC Through IE... and Then Stopping

Keeping This Browser-Crashing Bug Off Your Browser

Leave a Reply