Symantec have released a patch for the UPX vulnerability in their products as documented in their UPX parsing engine heap overflow vulnerability and Symantec Client Security document. Only a few of our machines were affected and rather than upgrade them to the latest release it was easier to install the nodec2exe patch