The ASPack emulator that was vulnerable was one of the few not inside of a virtual machine, hence why this overflow could be easily used to get code execution.
Have you heard any sign of them making a big push to clean up their legacy code similar to what Microsoft did with their Trustworthy Computing effort? I know Symantec employs good people so I've been assuming that the problem is getting time dedicated to something which doesn't deliver a new feature or marketing bullet-point.
