# Forum in English  > News  > Vulnerabilities  >  Symantec Autofix and chat tool is vulnerable

## HATTIFNATTOR

*SYM08-009:  Symantec AutoFix Support Tool ActiveX Control Vulnerabilities* 

Two vulnerabilities reported in an ActiveX control used by the Symantec AutoFix Tool could potentially allow arbitrary code execution in the context of the user’s browser. Successful exploitation requires user interaction. 

*Affected Products*
Norton 360 v1
Norton Antivirus 2006 to 2008
Norton Internet Security 2006 to 2008
Norton System Works 2006 to 2008 

*Note:*
The affected ActiveX control is shipped only with the consumer products noted above. The control may also have been installed during an online chat session with a member of Symantec’s Consumer Technical Support team. 

*Solution below:* 

*How to Obtain an Updated AutoFix Tool*
An updated (non-vulnerable) version of the AutoFix tool will be automatically installed if customers participate in an online Chat session with Symantec Technical Support. Customers can also download and install an updated AutoFix Tool by visiting this web page and following the instructions here: 

https://www-secure.symantec.com/tech...sa/install.jsp 

*Symantec Response*
Symantec engineers have developed and released updates to address both of these vulnerabilities, as described under How to Obtain the Update. 

http://securityresponse.symantec.com...08.04.02a.html

----------

