CVE-2001-1125
9.8CRITICALSymantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com
Publicado: 10/5/2001Actualizado: 4/3/2025
Descripción
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
Análisis IAImpulsado por IA
Productos Afectados
symantecliveupdate
Referencias
- http://www.sarc.com/avcenter/security/Content/2001.10.05.htmlBroken Link
- http://www.securityfocus.com/archive/1/218717Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- http://www.securityfocus.com/bid/3403Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7235Third Party AdvisoryVDB Entry
- http://www.sarc.com/avcenter/security/Content/2001.10.05.htmlBroken Link
- http://www.securityfocus.com/archive/1/218717Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- http://www.securityfocus.com/bid/3403Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7235Third Party AdvisoryVDB Entry