A bug in the way Norton AntiVirus software uses the ActiveX programming language could cause serious problems for users of Symantec's products. On Thursday, Symantec patched the flaw warning that a bug in two ActiveX controls used by Symantec's client software could allow an attacker to run unauthorized software on a victim's computer. Security vendor Secunia ApS rates the problem as "highly critical."
The flaw is an "input validation" error, meaning that Norton doesn't properly check the data it's receiving to ensure that it can't be mistaken for malicious commands. The bug affects users of the 2006 versions of Norton AntiVirus, Norton Internet Security, and Norton System Works. Norton Internet Security 2006, Anti Spyware Edition is also affected.