Only non corporate versions of Norton AntiVirus 2006, Norton Internet Security 2006, Norton SystemWorks 2006 and Norton Internet Security 2005 AntiSpyware Edition are affected.

It comes about because of an input validation error, which fails to analyse incoming data for malicious commands before executing them.

To exploit the vulnerability, hackers could send e-mails to users inviting them to click on a link to a Web site containing the exploit code, Symantec said.

source