A vulnerability was reported in Symantec's Norton Anti-Virus that allows a
remote attacker to execute arbitrary code on the target system. The
software component fails to do a proper bounds checks when analyzing
certain container files for virus content. A remote user can send a
specially crafted UPX file to trigger a buffer overflow and execute
arbitrary code.

The flaw resides in the DEC2EXE engine. Please refer to reference link for
the list of vulnerable products.

Symantec has issued a fix available via LiveUpdate and at