From Symantec's site:

http://www.sarc.com/avcenter/securit...005.02.08.html

They have non-vulnerable versions of 8 and 9, but it is a whole new version - reinstallation required.

As for risk, I'd highly recommend not waiting. This vulnerability affects the scan engine itself, and Symantec has told us that symantec scans by header information - not extension.

So if I take an malicious .EXE, pack it with UPX...then rename the extension, it'll still exploit this vulnerability. Then, all I have to do is get a file on your system to nuke your system. Open shares, an e-mail attachment (or an e-mail attachment scanned by SAV).