The article says that Exchange module 5.1 and prior are affected. It also says that the package that contains the fix can be downloaded from the section "NetWorker Module for Exchange 5.1 SP1. This includes Security Vulnerability LGTsc19158 fix." However, that section does not exist. Also, the packages listed for Exchange were posted on 9/15/08, well before this announcement. And, the Exchange package does not seem to contain a nsrexecd.exe which is the process identified as having the vulnerability.
The Networker package is fairly clear, Client 7.3 SP4 build 565 takes care of it. The Exchange module is not so clear.
Is there an Exchange module that I am missing? Is the Exchange module affected somewhere other than nsrexecd? Does the 9/15/08 release contain the fix?
Well, if it says that 5.1 SP1 fixes it, just download this version (it's the version available in the download page).
The nsrexecd.exe is installed with the Client software, but it's used for communication with the server, even by the module's commands, so I believe that you have to fix both side (client and module) to avoid the problem.
I guess my confusion comes from the fact that every other package on the download site that is identified as vulnerable actually has a download section that contains the words "This includes Security Vulnerability LGTsc19158 fix". The Exchange section does not.