CVE-2001-1125
First published: Fri Oct 05 2001(Updated: )
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec LiveUpdate | =1.5 | |
| Symantec LiveUpdate | =1.4 | |
| Symantec LiveUpdate | <1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/last-modified-date
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/symantec
- canonical/symantec liveupdate
- version/symantec liveupdate/1.5
- version/symantec liveupdate/1.4