The vulnerability stems from a flaw in an library component (called Dec2Rar.dll) involving the processing of RAR archives. This vulnerability can be exploited as a means to inject hostile code onto vulnerable systems when a malicious RAR file is scanned. The flaw affects Dec2Rar.dll version 3.2.14.3 and potentially hits all Symantec products that use the library file, hence the large number of affected packages.
Users are advised to update their software, as explained in Symantec's advisory here. The glitch was discovered by security researcher Alex Wheeler, who's discovered many similar patches in anti-virus packages over recent months, most of which involve the processing of various types of archive file. His advisory can be found here.
From:
http://www.theregister.co.uk/2005/12...c_archive_bug/