A buffer overflow flaw in the Symantec AntiVirus Scan Engine could let remote attackers run code on vulnerable machines. The problem affects various versions of the engine, which is the part of the security software that actually scans for threats. Security patches are available to correct the problem, which Symantec rates "high" on its risk impact scale.
"Symantec strongly recommends all customers immediately apply the latest updates for their supported product versions to protect against these types of threats," the company said in its alert. No attacks that use the flaw have been reported, Symantec said.
Symantec advises people to check their installation. The administrative interface should be accessible only via a secure segment of the network and should never be open outside a company's network, Symantec said. So please be cautious!