This is simply malicious code on websites or injected into hacked websites with the intention of exploiting vulnerabilities.
SEP's download insight may catch malicious files being downloaded and block the attempt. You can also rely on the IPS component of SEP.
Always remember to patch your apps and your system.
Ideally, if you're running all components of SEP your protected against it.
Security Response recommendations for Symantec Endpoint Protection 12.1 settings
http://www.symantec.com/docs/TECH173752
Security Best Practice Recommendations
http://www.symantec.com/docs/TECH91705
Symantec Endpoint Protection – Best Practices
http://www.symantec.com/page.jsp?id=stopping_malware