This problem with Trend Micro was issued yesterday.
From Secunia:
Description:
Elazar Broad has discovered some vulnerabilities in Trend Micro OfficeScan, which can be exploited by malicious people to compromise a user’s system.The vulnerabilities are caused due to boundary errors in the OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class ActiveX control (OfficeScanRemoveCtrl.dll) on an OfficeScan client when attempting to display a list of configuration settings. These can be exploited to cause stack-based buffer overflows by passing overly long properties when a user e.g. visits a malicious web site.
Successful exploitation allows execution of arbitrary code, but requires that OfficeScan client was installed using web deployment.
I can only imagine that this same problem exists in Symantec’s antivirus.
