The security company called the flaw a "medium" risk, but vulnerabilities that enable remote control of a system frequently are considered "critical" bugs. The flaw, according to the U.S.-CERT, also could allow a hacker to cause a victim's browser to crash.
According to a Symantec advisory, an ActiveX control used by Norton Personal Firewall 2004 and Norton Internet Security 2004 contains a buffer overflow vulnerability. Researchers at the U.S.-CERT notified Symantec of the vulnerability.
Symantec has provided fixes for the flaw through product updates that are available through LiveUpdate.
To exploit the vulnerability, an attacker would lure a user to view malicious HTML code. To do this, hackers generally send potential victims an e-mail with either a malicious attachment or a link to a Web site that has malicious code embedded in it. The company reported in its advisory that its researchers haven't seen any exploits of the bug circulating on the Internet.
Symantec's Norton Internet Security product is a Windows-based system that includes antivirus, firewall, intrusion detection, and privacy protection, along with spam and content filtering. An ActiveX control is a set of rules for how applications share information.