CVE-2001-1125
9.8CRITICALSymantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com
Publicado: 10/5/2001Atualizado: 4/3/2025
Descrição
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
Análise IADesenvolvido por IA
Produtos Afetados
symantecliveupdate
Referências
- http://www.sarc.com/avcenter/security/Content/2001.10.05.htmlBroken Link
- http://www.securityfocus.com/archive/1/218717Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- http://www.securityfocus.com/bid/3403Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7235Third Party AdvisoryVDB Entry
- http://www.sarc.com/avcenter/security/Content/2001.10.05.htmlBroken Link
- http://www.securityfocus.com/archive/1/218717Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- http://www.securityfocus.com/bid/3403Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7235Third Party AdvisoryVDB Entry