Manuel Santamarina Suarez

**Name of the Vulnerable Software and Affected Versions** EMC AutoStart versions prior to 5.3 SP2 **Description** The issue allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer in the Backbone service (ftbackbone.exe). **Recommendations** For versions prior to 5.3 SP2, update to version 5.3 SP2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Storage Manager (TSM) versions 5.1.0.0 through 5.1.8.1 IBM Tivoli Storage Manager (TSM) versions 5.2.0.0 through 5.2.5.2 IBM Tivoli Storage Manager (TSM) versions 5.3.0.0 through 5.3.6.1 IBM Tivoli Storage Manager (TSM) versions 5.4.0.0 through 5.4.2.2 IBM Tivoli Storage Manager (TSM) versions 5.5.0.0 through 5.5.0.91 TSM Express Backup-Archive client (affected versions not specified) **Description** A heap-based buffer overflow issue exists in the Data Protection for SQL CAD service, allowing remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port. **Recommendations** For versions 5.1.0.0 through 5.1.8.1, update to a version outside of this range to resolve the issue. For versions 5.2.0.0 through 5.2.5.2, update to a version outside of this range to resolve the issue. For versions 5.3.0.0 through 5.3.6.1, update to a version outside of this range to resolve the issue. For versions 5.4.0.0 through 5.4.2.2, update to a version outside of this range to resolve the issue. For versions 5.5.0.0 through 5.5.0.91, update to a version outside of this range to resolve the issue. For TSM Express Backup-Archive client, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM Lotus Sametime versions 7.5.1 CF1 and earlier, 8.x before 8.0.1 **Description** The issue is a stack-based buffer overflow in the Community Services Multiplexer, allowing remote attackers to execute arbitrary code via a crafted URL. **Recommendations** For versions 7.5.1 CF1 and earlier, update to a version later than 7.5.1 CF1. For versions 8.x before 8.0.1, update to version 8.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Novell eDirectory versions 8.8.x before 8.8.1 FTF1 Novell eDirectory versions 8.x up to 8.7.3.8 Novell NetMail versions before 3.52e FTF2 **Description** The issue allows remote attackers to execute arbitrary code via multiple stack-based buffer overflows. This can be triggered by a long HTTP Host header, which causes an overflow in the `BuildRedirectURL` function. Other vectors include a username containing a `.` (dot) character in various services such as SMTP, POP, IMAP, HTTP, or Networked Messaging Application Protocol (NMAP) Netmail services. **Recommendations** For Novell eDirectory versions 8.8.x before 8.8.1 FTF1, update to version 8.8.1 FTF1 or later. For Novell eDirectory versions 8.x up to 8.7.3.8, update to a version later than 8.7.3.8. For Novell NetMail versions before 3.52e FTF2, update to version 3.52e FTF2 or later. As a temporary workaround, consider restricting access to the `BuildRedirectURL` function and limiting the use of usernames containing a `.` (dot) character in the affected services until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel (affected versions not specified) **Description** A remote code execution issue exists when Excel parses a file and processes a malformed DATETIME record, allowing an attacker to potentially exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ipswitch Collaboration Suite versions 2006.02 and earlier **Description** The issue is related to a buffer overflow in the IMAP daemon, which allows remote authenticated users to execute arbitrary code via a long FETCH command. **Recommendations** For Ipswitch Collaboration Suite versions 2006.02 and earlier, update to a version later than 2006.02 to resolve the issue.