Symantec has closely reviewed our Symantec Security Check based on Rafel Ivgi's finding in the referenced posting. We have confirmed there is no buffer overflow and no remote code execution issue in the Symantec Security Check application.
However, Symantec engineers were able to recreate a very low risk process crash given a sufficently large quanity of data passed to the function in question.
Following this scenerio, a user who recently ran a virus/security scan using Symantec Security Check could possibly see their browser crash were they to visit a malicious web site that was able to successfully exploit that issue. In no instance would the attacker be able to execute any remote code on the user system nor would the attacker gain access to any unauthorized information on the user's system through an attack against Symantec's Security Check application.
Pint-size luxury and funky style
Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.