On Thursday, Symantec patched the flaw warning that a bug in two ActiveX controls used by Symantec's client software could allow an attacker to run unauthorized software on a victim's computer. Security vendor Secunia ApS rates the problem as "highly critical."