[Snort-users] Adobe Flash outdated
pcable at ...15769...
Tue Aug 21 12:07:09 EDT 2012
Here is the payload from a flash advert.
GET /res/2206/40305/39242.swf HTTP/1.1 Accept: */* Accept-Language: en-US Referer:
x-flash-version: 11,3,300,271 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64;
Trident/5.0) Host: usweb.dotomi.com Connection: Keep-Alive
And according to Adobe's website:
Newest version is 11.3.300.271
I'm getting this message from multiple machines in my office of about 20 clients. Just counting today 15 different systems have spawned this message.
From: Castle, Shane [mailto:scastle at ...14946...]
Sent: Tuesday, August 21, 2012 11:07 AM
To: Paul Cable; snort-users at lists.sourceforge.net
Subject: RE: Adobe Flash outdated
It's probably a TP, and it refers to the installation of Flash that an IE browser is using. Auto-update doesn't always seem to work, and if the Flash installation is old enough, it isn't there.
In fact, I'd go so far as to say that Adobe's auto-update is broken. Try downloading and running Secunia PSI on a couple of those systems and see what it tells you.
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH
From: Paul Cable [mailto:pcable at ...15769...]
Sent: Tuesday, August 21, 2012 08:51
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Adobe Flash outdated
I have adobe flash set to auto-update on all of my client machines, but I am still getting massive amounts of:
snort: "ET POLICY Outdated Windows Flash Version IE"
Is this telling me the adobe flash version running on the website they are visiting is out of date or is it a false positive?
More information about the Snort-users