Vulnerability in Symantec LiveUpdate

CVE-2001-1125

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.

EPSS: 0.025 (82.5th percentile).

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

Frequently asked questions

What is CVE-2001-1125?

CVE-2001-1125 is a critical-severity vulnerability in Symantec LiveUpdate, classified under Download of Code Without Integrity Check. CVSS score: 9.8/10. Published 2001-10-05.

How severe is CVE-2001-1125?

Critical severity. CVSS v3 base score is 9.8 out of 10.