Critical severity9.8NVD Advisory· Published Oct 5, 2001· Updated Jun 16, 2026
CVE-2001-1125
CVE-2001-1125
Description
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
Affected products
2cpe:2.3:a:symantec:liveupdate:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:symantec:liveupdate:*:*:*:*:*:*:*:*range: <1.6
- (no CPE)range: <1.6
Patches
Vulnerability mechanics
References
4- www.securityfocus.com/archive/1/218717nvdBroken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- www.securityfocus.com/bid/3403nvdBroken LinkPatchThird Party AdvisoryVDB EntryVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/7235nvdThird Party AdvisoryVDB Entry
- www.sarc.com/avcenter/security/Content/2001.10.05.htmlnvdBroken Link
News mentions
0No linked articles in our index yet.