CVE-2001-1125
First published: Fri Oct 05 2001(Updated: )
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec LiveUpdate | =1.5 | |
| Symantec LiveUpdate | =1.4 | |
| Symantec LiveUpdate | <1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-1125?
CVE-2001-1125 is considered a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2001-1125?
To fix CVE-2001-1125, upgrade to Symantec LiveUpdate version 1.6 or later which includes cryptographic protections.
What kind of attack does CVE-2001-1125 allow?
CVE-2001-1125 allows attackers to execute arbitrary code through DNS spoofing.
Which versions of Symantec LiveUpdate are affected by CVE-2001-1125?
CVE-2001-1125 affects Symantec LiveUpdate versions 1.4 and 1.5.
Is CVE-2001-1125 still a threat today?
CVE-2001-1125 is less of a threat today if users have updated to the latest versions, but outdated software can still be vulnerable.
- agent/references
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- vendor/symantec
- canonical/symantec liveupdate
- version/symantec liveupdate/1.4
- version/symantec liveupdate/1.5