How severe is CVE-2001-1125?

CVE-2001-1125 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2001-1125

Name: liveupdate
Author: symantec

9.8CRITICAL

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com

公開日: 10/5/2001更新日: 4/3/2025

説明

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.

AI分析AIによる分析

影響を受ける製品

symantecliveupdate

参照

http://www.sarc.com/avcenter/security/Content/2001.10.05.html
Broken Link
http://www.securityfocus.com/archive/1/218717
Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
http://www.securityfocus.com/bid/3403
Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7235
Third Party AdvisoryVDB Entry
http://www.sarc.com/avcenter/security/Content/2001.10.05.html
Broken Link
http://www.securityfocus.com/archive/1/218717
Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
http://www.securityfocus.com/bid/3403
Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7235
Third Party AdvisoryVDB Entry