Does anyone have an RP for engine version detection pls - http://www.zdnet.com/article/symantec-antivirus-products-vulnerable-to-horrid-overflow-bug/
In the, “Client Manager for Endpoint Protection” external site there are analyses covering Symantec Anti-Virus products.
I would recommend creating a report that looks at the engine version parameter in those analyses and compares it against he most recent vulnerable version (in this case: 20151.1.0.32)
Bill
Any chance you publish the relevance for engine version only please ?
Unfortunately I can’t republish IBM content – I also don’t have access to an environment running Symantec.
Maybe someone else has an analysis they can share that provides this data.
I have coded up detection, thanks anyway.
This may be of interest to others – would you mind sharing the relevance you used?
version of file (preceding text of first “%00” of following text of last “??” of (value “ImagePath” of (key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NAVENG” of registry) as string)) as string | “N/A”
There is one on BigFix.me by @jgstew that seems to work.
https://bigfix.me/analysis/details/2994621
Martin
I don’t see Engine Version there …