Executive Summary

Informations
NameCVE-2001-1125First vendor Publication2001-10-05
VendorCveLast vendor Modification2017-12-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1125

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-184Software Integrity Attacks
CAPEC-185Malicious Software Download
CAPEC-186Malicious Software Update
CAPEC-187Malicious Automated Software Update

CWE : Common Weakness Enumeration

%idName

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2

Open Source Vulnerability Database (OSVDB)

idDescription
4712Symantec LiveUpdate DNS Spoofing Execute Arbitrary Code

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/3403
BUGTRAQ http://www.securityfocus.com/archive/1/218717
CONFIRM http://www.sarc.com/avcenter/security/Content/2001.10.05.html
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/7235

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2017-12-19 09:22:07
  • Multiple Updates
2013-05-11 12:06:18
  • Multiple Updates