A vulnerability has been discovered in Symantec's Antivirus products. The unpatched antivirus allows the UPX Parsing Engine to be exploited to send a virus or install other trojan programs. UPX is a compressed executable format, which is scanned by DEC2EXE. Many email filtering solutions use Symantec for their virus scanner, allowing a potential worm to spread by the very means used to stop them.
Symantec had already begun removing the DEC2EXE engine from it's products. To see what versions are still vulnerable:
Symantec UPX Parsing Engine Heap Overflow - Affected and Unaffected Products
More information about this news can be found at:
Symantec flaw leaves opening for viruses
ISS X-Force made the discovery, so you can find their advisory at:
Symantec Antivirus Library Heap Overflow