iDEFENSE Labs has notified Symantec about a remotely exploitable buffer overflow vulnerability in the Symantec AntiVirus Scan Engine that can allow remote attackers to execute arbitrary code. The iDEFENSE Advisory says: "A remote attacker can send a specially crafted HTTP request to the administrative Scan Engine Web Service on port 8004 to crash the service or execute arbitrary code."
Patch today, folks.
Symantec's Advisory (with patch and mitigation information) states the "Risk Impact" is High. Affected versions listed are:
Oct 5th 2005