Google Project Zero researcher Tavis Ormandy has been hunting vulnerabilities in anti-virus products for at least a year. He found several remote code execution vulnerabilities, including one in the core scanning engine used in all Symantec and Norton-branded products. The problem is so severe that even a single email engineered to exploit the flaw could compromise a computer, depending on the platform. The bug is so bad that even receiving an email is enough, with no need to open or read it (even webmail).
Source: https://www.govinfosecurity.com/researcher-hacks-symantecs-av-via-email-a-9109