Google Project Zero researcher Tavis Ormandy has been hunting bug vulnerabilities in anti-virus products for at least a year. He found several remote code execution vulnerabilities, including one in the core scanning engine used in all Symantec and Norton-branded products. The problem is so severe that even a single email engineered to exploit the flaw could compromise a computer, depending on the platform. The company says it has issued a fix for the flaw, but other issues can’t be fixed by LiveUpdate.”]
Source: https://www.cuinfosecurity.com/researcher-hacks-symantecs-av-via-email-a-9109