CVE-2001-1125
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/archive/1/218717
- http://www.securityfocus.com/bid/3403
- http://www.sarc.com/avcenter/security/Content/2001.10.05.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7235
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- http://www.securityfocus.com/archive/1/218717
- http://www.securityfocus.com/bid/3403
- http://www.sarc.com/avcenter/security/Content/2001.10.05.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7235
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.