has posted a fix
for a vulnerability
in their Antivirus Corporate Edition and Client Security products that could have allowed remote users to launch worm attacks. The issues of remote code execution have been resolved now, thanks to the fix
which means that the products are no longer vulnerable to a stack overflow. The flaw, which doesn't require any user interaction in order to be exploited, was pretty serious as it impacted enterprise-level customers. A worm crafted to take advantage of the exploit could have had a disastrous impact, particularly on large companies that use the affected software. The flaw was discovered by digital security firm the eEye
, who rated the flaw as highly severe.
"As a trend, we are seeing the complexity of software increase and as a result the existence of vulnerabilities is pretty prevalent at the application layer," the eEye spokesperson said. "Anytime you have complex software there are going to be vulnerabilities."