Vulnerability Description
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Liveupdate | < 1.6 |
Related Weaknesses (CWE)
References
- http://www.sarc.com/avcenter/security/Content/2001.10.05.html (Broken Link)
- http://www.securityfocus.com/archive/1/218717 (Broken Link, Patch, Third Party Advisory)
- http://www.securityfocus.com/bid/3403 (Broken Link, Patch, Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7235 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2001-1125?
CVE-2001-1125 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com ...
How severe is CVE-2001-1125?
CVE-2001-1125 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2001-1125?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Liveupdate.