(imported topic written by BenKus)
Several of our customers asked us about a Symantec vulnerability SYM07-019 (http://www.symantec.com/avcenter/security/Content/2007.07.11f.html) and a couple customers shared with us relevance that detects vulnerable versions of Symantec 10.
Here is the relevance (provided by a customer):
(exists file “rtvscan.exe” whose (version of it > “10.0.0.0” AND version of it < ") of it) of folder ((if (exists value “SAV Install Directory” of it) then (value “SAV Install Directory” of it as string) else if (exists value “SAVCE” of it) then (value “SAVCE” of it as string) else (if (exists value “NAVNT” of it) then (value “NAVNT” of it as string) else if (exists value “NAV” of it) then (value “NAV” of it as string) else if (exists folder (value of variable “ProgramFiles” of environment as string & “\NavNT” as string) whose (exists file “rtvscan.exe” of it)) then (value of variable “ProgramFiles” of environment as string & “\NavNT” as string) else (“Not Installed”))) of key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps” of registry) AND (exists file “Dec2.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “Dec2AMG.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “Dec2ARJ.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “Dec2CAB.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “Dec2GZIP.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “Dec2ID.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “Dec2LHA.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “Dec2LZ.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “Dec2RAR.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “Dec2RTF.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “Dec2SS.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “Dec2TAR.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “Dec2Text.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “Dec2TNEF.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “Dec2ZIP.dll” whose (version of it does not equal “3.15.3.0”) of it AND exists file “DecSDK.dll” whose (version of it does not equal “3.15.3.0”) of it) of (value “Common Client Decomposers” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps” of registry as folder)
BigFix does not officially support this relevance, but we have many customers using Symantec, we thought it would be helpful.
If someone wants to test this relevance or make a Fixlet and post results here, I bet it would help a lot of people.
Ben