CVE Vulnerabilities

CVE-2001-1125

Published: Oct 05, 2001 | Modified: Dec 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.

Affected Software

Name Vendor Start Version End Version
Liveupdate Symantec 1.4 1.4
Liveupdate Symantec 1.5 1.5

References