Symantec has issued a patch for a security hole in its Corporate Edition 9.0 and
Client Security 2.0 products.
The flaw was first reported by iDefense Labs and could allow a user to gain
privileged access to files and functionalities on a local system through the
software's help function.
The help software uses the same HTML format as web pages, but the help function
is granted privileged access even if the user has only restricted rights.
By manipulating the user interface, a user could use those rights to browse
all system files or execute applications.
Because the flaw cannot be exploited remotely, Symantec ranked its risk as
'medium'.
Licensed users of the affected products are advised to download the latest
patch through the support website or update service.