SANS ISC: Adobe Flash Player - SANS07C4/SANS07C1 - Internet Security | DShield SANS ISC InfoSec Forums

Adobe Flash Player - SANS07C4/SANS07C1
Hi,

We are running a vulnerability scan and it states that it has found SANS07C4 and SANS07C1 relating to Adobe Reader / Adobe Flash Player.

We have totally uninstalled Adobe Reader / Flash player and cleared out the registry on the computer for anything Adobe / Macromedia related as per their knowledge base articles.

I have contacted GFI who run the LanGuard vulnerability scanner and they are at a loss too.

Would someone know what paths / ocx / dll's these are actually checking for?

Kind Regards and thanks in advance!

Mark
MarkZ

4 Posts
The plot thickens - if we run an audit scan against the host with Nessus, it only shows that Adobe 13 was installed (it was put back on by a user) and nothing relating to Adobe Flash was exploitable.

I'm just wondering what the SANS07C4 is referring to:

ANS07C4: Adobe Flash Player 8.0.34.0 and earlier vulnerable to CSRF attack
Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which potentially allows remote attackers to conduct a CSRF attack via a crafted SWF file.

As only Adobe Flash player 13 is detected as below:

Nessus found the following instances of Flash Player installed on the
remote host :

- ActiveX control (for Internet Explorer) :
C:\Windows\system32\Macromed\Flash\Flash64_13_0_0_206.ocx, 13.0.0.206

Regards,

Mark
MarkZ

4 Posts
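As an added example (not from this thread, Nessus or GFI): a small Python check that parses Nessus-style "instances of Flash Player installed" output like the block quoted above and compares each component's version numerically against the 8.0.34.0 threshold quoted for SANS07C4. The sample output is constructed; the browser-plugin entry is invented to show an in-range version.

```python
import re

# Threshold quoted in the thread for SANS07C4: Flash Player 8.0.34.0 and earlier.
SANS07C4_MAX_AFFECTED = "8.0.34.0"

# One "<path>, <version>" line, as printed in the Nessus output quoted above.
_INSTANCE_RE = re.compile(
    r"^\s*([A-Za-z]:\\[^,\r\n]+?\.(?:ocx|dll)),\s*(\d+(?:\.\d+)+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def parse_version(version: str) -> tuple:
    """Turn '13.0.0.206' into (13, 0, 0, 206) so comparisons are numeric.
    Comparing raw strings is the classic mistake: '13.0.0.206' < '8.0.34.0'
    is True lexically, which would wrongly flag Flash 13 as older than 8."""
    return tuple(int(part) for part in version.split("."))

def is_affected_sans07c4(version: str) -> bool:
    """True when the version is 8.0.34.0 or earlier (the SANS07C4 range)."""
    return parse_version(version) <= parse_version(SANS07C4_MAX_AFFECTED)

def parse_nessus_instances(output: str) -> list:
    """Extract (path, version) pairs from Nessus 'instances of Flash Player' text."""
    return [(m.group(1), m.group(2)) for m in _INSTANCE_RE.finditer(output)]

def assess(output: str) -> list:
    """Return one dict per detected Flash component with its SANS07C4 verdict."""
    return [
        {"path": path, "version": version, "affected": is_affected_sans07c4(version)}
        for path, version in parse_nessus_instances(output)
    ]

# Constructed sample: the ActiveX line mirrors the thread's Nessus output; the
# browser-plugin entry is invented to show an in-range (affected) version.
SAMPLE_OUTPUT = """\
Nessus found the following instances of Flash Player installed on the
remote host :

  - ActiveX control (for Internet Explorer) :
    C:\\Windows\\system32\\Macromed\\Flash\\Flash64_13_0_0_206.ocx, 13.0.0.206

  - Browser plugin (for Firefox / Netscape / Opera) :
    C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32_8_0_24_0.dll, 8.0.24.0
"""

if __name__ == "__main__":
    for item in assess(SAMPLE_OUTPUT):
        verdict = "AFFECTED by SANS07C4" if item["affected"] else "not in SANS07C4 range"
        print(f'{item["version"]:>12}  {verdict}  {item["path"]}')
```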
As far as SANS is concerned, maybe "SANS07C4" stands for "SANS 2007 Critical Control 4" referring to the SANS Critical Controls. But then again, they are not really that specific.

I think your hunch that this stands for "ANS" not "SANS" makes sense.
Johannes

2900 Posts
ISC Handler
Hi Johannes,

Thank you very much for your reply - appreciate it.

Unfortunately the line broke off when copy-pasting!

Best Regards,

Mark
MarkZ

4 Posts