Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.
layereddefense.com/SAV13SEPT.html
secunia.com/advisories/21884
securityresponse.symantec.com/avcenter/security/Content/2006.09.13.html
securitytracker.com/id?1016842
www.securityfocus.com/archive/1/446041/100/0/threaded
www.securityfocus.com/archive/1/446293/100/0/threaded
www.securityfocus.com/bid/19986
www.vupen.com/english/advisories/2006/3599
exchange.xforce.ibmcloud.com/vulnerabilities/28936