[Snort-users] Adobe Flash outdated

Paul Cable pcable at ...15769...
Tue Aug 21 12:07:09 EDT 2012

Here is the payload from a flash advert.

GET /res/2206/40305/39242.swf HTTP/1.1  Accept: */*  Accept-Language: en-US  Referer:
x-flash-version: 11,3,300,271  Accept-Encoding: gzip, deflate  User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64;
Trident/5.0)  Host: usweb.dotomi.com  Connection: Keep-Alive

And according to Adobe's website:
Newest version is 11.3.300.271

I'm getting this message from multiple machines in my office of about 20 clients. Just counting today 15 different systems have spawned this message.

-----Original Message-----
From: Castle, Shane [mailto:scastle at ...14946...] 
Sent: Tuesday, August 21, 2012 11:07 AM
To: Paul Cable; snort-users at lists.sourceforge.net
Subject: RE: Adobe Flash outdated

It's probably a TP, and it refers to the installation of Flash that an IE browser is using. Auto-update doesn't always seem to work, and if the Flash installation is old enough, it isn't there.

In fact, I'd go so far as to say that Adobe's auto-update is broken. Try downloading and running Secunia PSI on a couple of those systems and see what it tells you.

Shane Castle
Data Security Mgr, Boulder County IT

-----Original Message-----
From: Paul Cable [mailto:pcable at ...15769...] 
Sent: Tuesday, August 21, 2012 08:51
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Adobe Flash outdated

I have adobe flash set to auto-update on all of my client machines, but I am still getting massive amounts of:


snort: "ET POLICY Outdated Windows Flash Version IE"


Is this telling me the adobe flash version running on the website they are visiting is out of date or is it a false positive?




More information about the Snort-users mailing list