← CVECheck
HomeVulnerabilities

CVE-2001-1125 — CRITICAL severity vulnerability (Symantec LiveUpdate before 1.6 does not use cryptography to)

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.

CVE IDCVE-2001-1125
SeverityCRITICAL
CVSS score9.8
CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWECWE-494
StatusModified
Published2001-10-05
Last modified2026-04-16
DescriptionSymantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →