It's possible to execute code by using crossite scripting in symantec.com domain. Buffer overflow.
vulners.com/securityvulns/securityvulns:doc:19569
vulners.com/securityvulns/securityvulns:doc:19570