Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2002-03-15T05:00:00
Updated: 2024-08-08T04:44:07.831Z
Reserved: 2002-03-15T00:00:00
Link: CVE-2001-1125
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2001-10-05T04:00:00.000
Modified: 2024-02-08T02:28:14.810
Link: CVE-2001-1125
Redhat
No data.