CVE-2001-1125
9.8CRITICALSymantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com
Опубликовано: 10/5/2001Обновлено: 4/3/2025
Описание
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
ИИ-АнализНа базе ИИ
Затронутые продукты
symantecliveupdate
Ссылки
- http://www.sarc.com/avcenter/security/Content/2001.10.05.htmlBroken Link
- http://www.securityfocus.com/archive/1/218717Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- http://www.securityfocus.com/bid/3403Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7235Third Party AdvisoryVDB Entry
- http://www.sarc.com/avcenter/security/Content/2001.10.05.htmlBroken Link
- http://www.securityfocus.com/archive/1/218717Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- http://www.securityfocus.com/bid/3403Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7235Third Party AdvisoryVDB Entry