
The program’s agent accepts remote upgrade requests from any entity that understands the upgrade protocol, not verifying that the requests are from a trusted source, as it should, according to the advisory.
A hacker, assuming they have knowledge of the agent’s protocol, can take control of a PC by infecting it with malicious software.
The anti-virus giant was not aware of any exploits in the wild, according to Symantec.
The flaw is exploitable from both remote and local locations, according to a Friday advisory from FrSIRT (the French Security Incident Response Team), which ranked the flaw as "high risk."