EMC Retrospect Client for Linux, Solaris, Windows, Macintosh, and NetWare contain a vulnerability that could allow a remote attacker to execute arbitrary code.
The vulnerability exists due to a lack on input validation on incoming packets. A remote attacker could exploit this vulnerability by submitting a malicious packet to an affected Retrospect client. This action could cause a buffer overflow, allowing the attacker to crash the client or possibly to execute arbitrary code with SYSTEM privileges.
EMC has acknowledged this vulnerability with a knowledge base article and released patches.