How severe is CVE-2001-1125?

CVE-2001-1125 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2001-1125

Name: liveupdate
Author: symantec

9.8CRITICAL

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com

发布于: 10/5/2001更新于: 4/3/2025

描述

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.

AI分析AI驱动

受影响产品

symantecliveupdate

参考资料

http://www.sarc.com/avcenter/security/Content/2001.10.05.html
Broken Link
http://www.securityfocus.com/archive/1/218717
Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
http://www.securityfocus.com/bid/3403
Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7235
Third Party AdvisoryVDB Entry
http://www.sarc.com/avcenter/security/Content/2001.10.05.html
Broken Link
http://www.securityfocus.com/archive/1/218717
Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
http://www.securityfocus.com/bid/3403
Broken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7235
Third Party AdvisoryVDB Entry