Symantec's anti-virus scan engine has a critical security bug and users have been strongly advised to download and install a patch from the company. The flaw could allow an attacker to take control of an affected system.

A bug in the Scan Engine's admin interface, could allow an attacker to take over a system by creating a special HTTP request, Symantec said in a security advisory. The attacker would however need to gain access to an exposed admin port to gain access.

Users of versions 4.0 and 4.3 of the Scan Engine product are advised to upgrade to version 4.3.12.

Symantec is the second security vendor to report a major security bug in its products this week. Kaspersky Labs also reported a critical flaw in its anti-virus library, which is used by a wide range of the company's antivirus products.