CVE-2001-1125

CVSS 9.8 - CRITICAL
Description

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.

Affected Products
1
Vendor Product Version
symantec liveupdate All versions
References
http://www.sarc.com/avcenter/security/Content/2001...
http://www.securityfocus.com/archive/1/218717
http://www.securityfocus.com/bid/3403
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
http://www.sarc.com/avcenter/security/Content/2001...
http://www.securityfocus.com/archive/1/218717
http://www.securityfocus.com/bid/3403
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
Weakness Types
CWE-494 CWE-494
CVE Information
CVE ID:
CVE-2001-1125
Published:
2001-10-05
Modified:
2025-04-03
CVSS Score:
9.8
Severity:
CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Vendors
symantec
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL