Snort mailing list archives
Re: Adobe Flash outdated
From: "Edward Fjellskål" <edwardfjellskaal () gmail com>
Date: Wed, 22 Aug 2012 13:55:11 +0200
On 08/21/2012 06:07 PM, Paul Cable wrote:
Here is the payload from a flash advert. GET /res/2206/40305/39242.swf HTTP/1.1 Accept: */* Accept-Language: en-US Referer: http://usadmm.dotomi.com/dmm/servlet/dmm?pid=5533&dres=iframe&mtg=0&ms=11&btg=1&mp=1&rwidth=300&rheight=250&pp=712&cg=2035&rurl=http%3A//ads x-flash-version: 11,3,300,271 Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: usweb.dotomi.com Connection: Keep-Alive And according to Adobe's website: http://www.adobe.com/software/flash/about/ Newest version is 11.3.300.271 I'm getting this message from multiple machines in my office of about 20 clients. Just counting today 15 different systems have spawned this message. -----Original Message----- From: Castle, Shane [mailto:scastle () bouldercounty org] Sent: Tuesday, August 21, 2012 11:07 AM To: Paul Cable; snort-users () lists sourceforge net Subject: RE: Adobe Flash outdated It's probably a TP, and it refers to the installation of Flash that an IE browser is using. Auto-update doesn't always seem to work, and if the Flash installation is old enough, it isn't there. In fact, I'd go so far as to say that Adobe's auto-update is broken. Try downloading and running Secunia PSI on a couple of those systems and see what it tells you.
And then there was this :) From: https://www.adobe.com/support/security/bulletins/apsb12-19.html "Users of Adobe Flash Player 11.3.300.271 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.4.402.265." ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Adobe Flash outdated Paul Cable (Aug 21)
- Re: Adobe Flash outdated Castle, Shane (Aug 21)
- Re: Adobe Flash outdated Paul Cable (Aug 21)
- Re: Adobe Flash outdated Castle, Shane (Aug 21)
- Re: Adobe Flash outdated Paul Cable (Aug 21)
- Re: Adobe Flash outdated Joel Esler (Aug 22)
- Re: Adobe Flash outdated Paul Cable (Aug 21)
- Re: Adobe Flash outdated Edward Fjellskål (Aug 22)
- Re: Adobe Flash outdated Castle, Shane (Aug 21)