Snort mailing list archives

Re: Adobe Flash outdated


From: "Edward Fjellskål" <edwardfjellskaal () gmail com>
Date: Wed, 22 Aug 2012 13:55:11 +0200

On 08/21/2012 06:07 PM, Paul Cable wrote:
Here is the payload from a flash advert.

GET /res/2206/40305/39242.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://usadmm.dotomi.com/dmm/servlet/dmm?pid=5533&dres=iframe&mtg=0&ms=11&btg=1&mp=1&rwidth=300&rheight=250&pp=712&cg=2035&rurl=http%3A//ads
x-flash-version: 11,3,300,271
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: usweb.dotomi.com
Connection: Keep-Alive


And according to Adobe's website:
http://www.adobe.com/software/flash/about/
Newest version is 11.3.300.271

I'm getting this message from multiple machines in my office of about 20 clients. Just counting today 15 different 
systems have spawned this message.




-----Original Message-----
From: Castle, Shane [mailto:scastle () bouldercounty org]
Sent: Tuesday, August 21, 2012 11:07 AM
To: Paul Cable; snort-users () lists sourceforge net
Subject: RE: Adobe Flash outdated

It's probably a TP, and it refers to the installation of Flash that an IE browser is using. Auto-update doesn't 
always seem to work, and if the Flash installation is old enough, it isn't there.

In fact, I'd go so far as to say that Adobe's auto-update is broken. Try downloading and running Secunia PSI on a 
couple of those systems and see what it tells you.


And then there was this :)

From: https://www.adobe.com/support/security/bulletins/apsb12-19.html

"Users of Adobe Flash Player 11.3.300.271 and earlier versions for 
Windows and Macintosh should update to Adobe Flash Player 11.4.402.265."
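
Added example, not part of the original thread or of any Snort rule: a check of the x-flash-version request header from the capture above against the fixed version quoted from APSB12-19. The function names and the abridged sample request are assumptions made for illustration; versions are compared as integer tuples so that a field such as 10 is not ranked below 4.

```python
import re

# Fixed version quoted from APSB12-19 in the message above (Windows/Macintosh).
PATCHED = (11, 4, 402, 265)

# Constructed sample: the request from the thread, abridged, one header per line.
SAMPLE_REQUEST = (
    "GET /res/2206/40305/39242.swf HTTP/1.1\r\n"
    "Accept: */*\r\n"
    "x-flash-version: 11,3,300,271\r\n"
    "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)\r\n"
    "Host: usweb.dotomi.com\r\n"
    "Connection: Keep-Alive\r\n"
    "\r\n"
)

# Header names are case-insensitive; the value is captured up to end of line.
_HEADER = re.compile(r"^x-flash-version:[ \t]*(.*?)[ \t]*$",
                     re.IGNORECASE | re.MULTILINE)
# IE sends the version comma-separated; dots are accepted as well.
_VERSION = re.compile(r"(\d+)[,.](\d+)[,.](\d+)[,.](\d+)", re.ASCII)


def flash_version(raw_request):
    """Return the x-flash-version header as a 4-tuple of ints, or None."""
    # Only look at the header section, never at a request body.
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    header = _HEADER.search(head)
    if header is None:
        return None
    version = _VERSION.fullmatch(header.group(1))
    if version is None:
        return None  # malformed value: do not guess
    return tuple(int(part) for part in version.groups())


def classify(raw_request, patched=PATCHED):
    """Return 'outdated', 'current', or 'unknown' (header absent or malformed)."""
    version = flash_version(raw_request)
    if version is None:
        return "unknown"
    return "outdated" if version < patched else "current"


if __name__ == "__main__":
    print(flash_version(SAMPLE_REQUEST), classify(SAMPLE_REQUEST))
```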
