The vulnerability has been identified and confirmed in versions 9.0.1.x and 9.0.4.x. I am fairly certain that it exists in all releases of version 9 and possibly other versions as well.

Essentially, the program can be configured to receive updates via Symantec's or an Internal Live update server. ...

[ more ]