ISS X-Force has reported a flaw in F-Secure's antivirus products. The exploit works with specially crafted ARJ packages. The ARJ format is used for compressed file archives.
The X-Force advisory can be found here:
F-Secure AntiVirus Library Heap Overflow
F-Secure's security bulletin can be found here:
Code execution vulnerability in ARJ-archive handling