Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2002-03-15T05:00:00
Updated: 2024-08-08T04:44:07.831Z
Reserved: 2002-03-15T00:00:00
Link: CVE-2001-1125
Vulnrichment
No data.
NVD
Status : Modified
Published: 2001-10-05T04:00:00.000
Modified: 2024-11-20T23:36:56.210
Link: CVE-2001-1125
Redhat
No data.