[Snort-users] Adobe Flash outdated

Edward Fjellskål edwardfjellskaal at ...11827...
Wed Aug 22 07:55:11 EDT 2012


On 08/21/2012 06:07 PM, Paul Cable wrote:
> Here is the payload from a flash advert.
>
> GET /res/2206/40305/39242.swf HTTP/1.1  Accept: */*  Accept-Language: en-US  Referer:
> http://usadmm.dotomi.com/dmm/servlet/dmm?pid=5533&dres=iframe&mtg=0&ms=11&btg=1&mp=1&rwidth=300&rheight=250&pp=712&cg=2035&rurl=http%3A//ads
> x-flash-version: 11,3,300,271  Accept-Encoding: gzip, deflate  User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64;
> Trident/5.0)  Host: usweb.dotomi.com  Connection: Keep-Alive
>
>
> And according to Adobe's website:
> http://www.adobe.com/software/flash/about/
> Newest version is 11.3.300.271
>
> I'm getting this message from multiple machines in my office of about 20 clients. Just counting today 15 different systems have spawned this message.
>
>
>
>
> -----Original Message-----
> From: Castle, Shane [mailto:scastle at ...14946...]
> Sent: Tuesday, August 21, 2012 11:07 AM
> To: Paul Cable; snort-users at lists.sourceforge.net
> Subject: RE: Adobe Flash outdated
>
> It's probably a TP, and it refers to the installation of Flash that an IE browser is using. Auto-update doesn't always seem to work, and if the Flash installation is old enough, it isn't there.
>
> In fact, I'd go so far as to say that Adobe's auto-update is broken. Try downloading and running Secunia PSI on a couple of those systems and see what it tells you.
>

And then there was this :)

From: https://www.adobe.com/support/security/bulletins/apsb12-19.html

"Users of Adobe Flash Player 11.3.300.271 and earlier versions for 
Windows and Macintosh should update to Adobe Flash Player 11.4.402.265."




More information about the Snort-users mailing list