Code has been released that potentially enables an attacker to remotely crash Symantec product pcAnywhere.
"I've been working on the remote pcAnywhere vulnerability reported a few weeks ago and stumbled on a few other flaws during my research. This works on patched versions as well," he stated.
The source code for pcAnywhere and Symantec's flagship Norton Antivirus products was leaked by an Indian hacking group last month.
At the time, the firm downplayed the leak, saying that it only involved old code and would not affect customers.
However, subsequently it realised that hackers could gain remote control of users' machines using information from the leaked code, and released a patch to close the vulnerability.
Symantec advised at the time that it could not ensure that the product would be completely secure, and warned users not to install it if they had not already done so.
The leak has acted as a catalyst for the online world of security watchers to explore code.
For example, an anonymous poster to the Infosec Institute recently suggested any firms still using the software should uninstall it completely, claiming that the source code leak has rendered it irretrievably insecure.
"For hackers, the sky is the limit as they now have all of the juicy details of the pcAnywhere product... We now know how their LiveUpdate system works thanks to the included architecture plans and full source code, which is also used to update Symantec's current anti-virus products. Any exploits in the code are now visible by all," the poster claimed.
Symantec was unavailable for comment at the time of writing.
By eliminating high entry costs for big data analysis, you can convert more raw data into valuable business insight.
A discussion of the "risk perception gap", its implications and how it can be closed