[Snort-users] Adobe Flash outdated

Paul Cable pcable at ...15769...
Tue Aug 21 12:07:09 EDT 2012


Here is the payload from a flash advert.

GET /res/2206/40305/39242.swf HTTP/1.1  Accept: */*  Accept-Language: en-US  Referer:
http://usadmm.dotomi.com/dmm/servlet/dmm?pid=5533&dres=iframe&mtg=0&ms=11&btg=1&mp=1&rwidth=300&rheight=250&pp=712&cg=2035&rurl=http%3A//ads 
x-flash-version: 11,3,300,271  Accept-Encoding: gzip, deflate  User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64;
Trident/5.0)  Host: usweb.dotomi.com  Connection: Keep-Alive


And according to Adobe's website:
http://www.adobe.com/software/flash/about/
Newest version is 11.3.300.271

I'm getting this message from multiple machines in my office of about 20 clients. Just counting today 15 different systems have spawned this message.




-----Original Message-----
From: Castle, Shane [mailto:scastle at ...14946...] 
Sent: Tuesday, August 21, 2012 11:07 AM
To: Paul Cable; snort-users at lists.sourceforge.net
Subject: RE: Adobe Flash outdated

It's probably a TP, and it refers to the installation of Flash that an IE browser is using. Auto-update doesn't always seem to work, and if the Flash installation is old enough, it isn't there.

In fact, I'd go so far as to say that Adobe's auto-update is broken. Try downloading and running Secunia PSI on a couple of those systems and see what it tells you.

-- 
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH

-----Original Message-----
From: Paul Cable [mailto:pcable at ...15769...] 
Sent: Tuesday, August 21, 2012 08:51
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Adobe Flash outdated

I have adobe flash set to auto-update on all of my client machines, but I am still getting massive amounts of:

 

snort: "ET POLICY Outdated Windows Flash Version IE"

 

Is this telling me the adobe flash version running on the website they are visiting is out of date or is it a false positive?

 

Thanks,

PC





More information about the Snort-users mailing list