Renaud Deraison

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions prior to 10.7.4 **Description** The issue concerns the Time Machine feature in Mac OS X, where it fails to maintain SRP-based authentication after initial use, allowing remote attackers to access Time Capsule credentials by spoofing the backup volume. **Recommendations** For versions prior to 10.7.4, update to version 10.7.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Message Queue Manager (MSQM) (affected versions not specified) **Description** A buffer overflow issue in the Microsoft Message Queue Manager allows remote attackers to cause a denial of service by crashing the RPC service. This can be achieved via a queue registration request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.