Symantec is urging users of its pcAnywhere software to disable the software on their PCs.
The security firm's warning comes just weeks after The Lords of Dharmaraja hacking group claimed to have obtained source code and documentation for the software from servers belonging to Indian intelligence agencies. The group also threatened to post the information online.
At the time, the security firm told IDG News Service there was no actual source code present in the stolen data.
However, Symantec has no backtracked and believes users of its pcAnywhere software may be at risk
"Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006. We believe that source code for the 2006-era versions of the following products was exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere," it said in an advisory.
"pcAnywhere customers have increased risk. Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits. Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information."
Symantec said not only could a "'man-in-the-middle' attack result in data and log-in credentials being stolen as well as unauthorised remote access of a PC.
The security firm said it "recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks".
"For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow the general security best practices discussed herein."