CVE-2001-1125

Опубликовано: 05 окт. 2001

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.

Ссылки

http://www.sarc.com/avcenter/security/Content/2001.10.05.html
Broken Link
http://www.securityfocus.com/archive/1/218717
Broken Link
Patch
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.securityfocus.com/bid/3403
Broken Link
Patch
Third Party Advisory
VDB Entry
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7235
Third Party Advisory
VDB Entry
http://www.sarc.com/avcenter/security/Content/2001.10.05.html
Broken Link
http://www.securityfocus.com/archive/1/218717
Broken Link
Patch
Third Party Advisory
VDB Entry
Vendor Advisory
http://www.securityfocus.com/bid/3403
Broken Link
Patch
Third Party Advisory
VDB Entry
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7235
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:symantec:liveupdate:*:*:*:*:*:*:*:*

Версия до 1.6 (исключая)

EPSS

Процентиль: 89%

0.04578

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-494

Связанные уязвимости

GHSA-7rhp-mjch-qq88