5 matches found
CVE-2002-0344
CVE-2002-0344 affects Symantec LiveUpdate 1.5 and earlier used with Norton Antivirus. The issue stems from storing usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server. The NVD entry describes thi...
CVE-2001-1125
CVE-2001-1125 concerns Symantec LiveUpdate prior to 1.6, where the update mechanism did not cryptographically verify downloaded files. This enables a remote attacker to achieve arbitrary code execution via DNS spoofing of the update site (update.symantec.com). The issue affects LiveUpdate version...
CVE-2001-1126
Symantec LiveUpdate 1.4–1.6 (and possibly later versions) are affected. The vulnerability allows a remote attacker to cause a denial-of-service (flood) by DNS spoofing the update.symantec.com site. Impact is a partial loss of availability. The description does not provide exploit details, affecte...
CVE-2001-0549
The CVE describes Symantec LiveUpdate 1.5 storing proxy passwords in cleartext in the registry (HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\LiveUpdate\Preferences\Proxy), allowing local users to read credentials. CERT/CC details confirm local read access to the registry key and recommend upgrading to Li...
CVE-2006-1836
CVE-2006-1836 affects Symantec LiveUpdate for Macintosh, versions 3.0.0 through 3.5.0. The vulnerability is an untrusted search path due to not setting the execution path, enabling local users to gain privileges via a Trojan horse program. The documents establish the affected product line and roo...