"ISS has shipped protection for a flaw discovered by X-Force in McAfee AntiVirus Library versions prior to 4400," said the advisory.
"The Library is widely relied on to provide antivirus capabilities to desktop, server and gateway systems. Also, several large vendors and ISPs implement the Library in their products."
The flaw can be exploited if a hacker sends an email to the target with a specially crafted 'Lha' file, a type of format read by many software engines.
The user does not need to open anything; instead the file overwhelms the library's buffer and allows code to be executed on the target machine.