Researchers at eEye Digital Security discovered the vulnerability, which they said could allow an attacker to create a worm able to take over a user's computer and destroy critical programs and files.
They rated the threat as high because a hacker could exploit the flaw to get on a machine and edit, remove and delete programs and files without a user doing anything, such as clicking on a link, eEye spokesman Mike Puterbaugh said.
"This could potentially result in an internet worm," he said. "It is a flaw that can be triggered from another location and provides the attacker with system-level access."
A worm is a computer virus that spreads by sending copies of itself over a network. Most viruses these days are worms, since almost all computers are now linked by networks.
Symantec, a leading maker of anti-virus software used by consumers and businesses, said in a statement it was investigating and that the issue does not affect its popular Norton consumer brand of products. It confirmed eEye's finding that its Client Security 3.1 and AntiVirus Corporate Edition 10.1 offerings contained the flaw that Symantec said could allow a remote user to attack a machine. "Fixes have been identified for all affected products and work on these fixes is ongoing," the company said in a statement. "To date, Symantec has not had any reports of any related exploits of this vulnerability." The warning comes as internet security experts say cyber criminals are more interested in breaching systems for financial gain rather than simply to win notoriety by unleashing a devastating worm. In fact, the number of headline-grabbing viruses has slowed since the Blaster worm outbreak in 2003, which targeted Microsoft software and devastated hundreds of thousands of computers worldwide.