CVE-2001-1125
9.8CRITICALSymantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com
Veröffentlicht: 10/5/2001Aktualisiert: 4/3/2025
Beschreibung
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
KI-AnalyseKI-gestützt
Betroffene Produkte
symantecliveupdate
Referenzen
- http://www.sarc.com/avcenter/security/Content/2001.10.05.htmlBroken Link
- http://www.securityfocus.com/archive/1/218717Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- http://www.securityfocus.com/bid/3403Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7235Third Party AdvisoryVDB Entry
- http://www.sarc.com/avcenter/security/Content/2001.10.05.htmlBroken Link
- http://www.securityfocus.com/archive/1/218717Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- http://www.securityfocus.com/bid/3403Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7235Third Party AdvisoryVDB Entry