Jj Reyes

**Name of the Vulnerable Software and Affected Versions** HP OpenView Network Node Manager versions 7.01, 7.51, 7.53 **Description** The issue is related to multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved through long string parameters to various CGI programs, including OpenView5.exe, getcvdata.exe, ovlaunch.exe, and Toolbar.exe. Specifically, the `OpenView5.exe` program is vulnerable to long string parameters, one of which is related to `ov.dll`. **Recommendations** For HP OpenView Network Node Manager version 7.01, update to a version that includes the fix for this issue. For HP OpenView Network Node Manager version 7.51, update to a version that includes the fix for this issue. For HP OpenView Network Node Manager version 7.53, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the CGI programs `OpenView5.exe`, `getcvdata.exe`, `ovlaunch.exe`, and `Toolbar.exe` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Symantec Backup Exec for Windows Server versions 11.0.6235 through 11.0.7170 Symantec Backup Exec for Windows Server version 12.0.1364 **Description** The issue is related to multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control. This can be exploited by remote attackers to execute arbitrary code via long property values, such as ` DOWText0`, ` DOWText1`, ` DOWText2`, ` DOWText3`, ` DOWText4`, ` DOWText5`, ` DOWText6`, ` MonthText0`, ` MonthText1`, ` MonthText2`, ` MonthText3`, ` MonthText4`, ` MonthText5`, ` MonthText6`, ` MonthText7`, ` MonthText8`, ` MonthText9`, ` MonthText10`, or ` MonthText11`, when executing the Save method. It is noted that while the vendor states authenticated user involvement is required, authentication is not needed to attack a client machine that loads this control. **Recommendations** For Symantec Backup Exec for Windows Server versions 11.0.6235 through 11.0.7170, consider disabling the PVATLCalendar.PVCalendar.1 ActiveX control until a patch is available. For Symantec Backup Exec for Windows Server version 12.0.1364, consider disabling the PVATLCalendar.PVCalendar.1 ActiveX control until a patch is available. As a temporary workaround, avoid using long property values for ` DOWText0`, ` DOWText1`, ` DOWText2`, ` DOWText3`, ` DOWText4`, ` DOWText5`, ` DOWText6`, ` MonthText0`, ` MonthText1`, ` MonthText2`, ` MonthText3`, ` MonthText4`, ` MonthText5`, ` MonthText6`, ` MonthText7`, ` MonthText8`, ` MonthText9`, ` MonthText10`, or ` MonthText11` when executing the Save method.

**Name of the Vulnerable Software and Affected Versions** ACDSee Photo Manager version 9.0 build 108 ACDSee Pro Photo Manager version 8.1 build 99 ACDSee Photo Editor version 4.0 build 195 **Description** The issue is related to multiple input validation errors, allowing user-assisted remote attackers to execute arbitrary code. This can be achieved via a long section string in either a PSP image to the ID PSP.apl plug-in or an LHA archive to the AM LHA.apl plug-in, resulting in a heap-based buffer overflow. **Recommendations** For ACDSee Photo Manager version 9.0 build 108, consider disabling the ID PSP.apl and AM LHA.apl plug-ins until a patch is available. For ACDSee Pro Photo Manager version 8.1 build 99, restrict access to the ID PSP.apl and AM LHA.apl plug-ins to minimize the risk of exploitation. For ACDSee Photo Editor version 4.0 build 195, avoid using the affected plug-ins with untrusted PSP images or LHA archives until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Microsoft Agent versions in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 **Description** A remote code execution issue exists in the way Microsoft Agent handles certain specially crafted URLs, resulting in memory corruption. This allows remote attackers to execute arbitrary code. **Recommendations** For Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MailEnable Professional Edition versions 1.6 through 1.84 MailEnable Professional Edition versions 2.0 through 2.35 MailEnable Enterprise Edition versions 1.1 through 1.41 **Description** The issue is a stack-based buffer overflow in the IMAP service, allowing remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string. **Recommendations** For MailEnable Professional Edition versions 1.6 through 1.84, apply the ME-10025 hotfix. For MailEnable Professional Edition versions 2.0 through 2.35, apply the ME-10025 hotfix. For MailEnable Enterprise Edition versions 1.1 through 1.41, apply the ME-10025 hotfix.