CVE-2007-4880
IBM Tivoli Storage Manager Client - Memory Corruption
Title source: ruleDescription
Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16764
exploitdb
WORKING POC
VERIFIED
by muts · pythonremotewindows
https://www.exploit-db.com/exploits/4573
metasploit
WORKING POC
GOOD
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/ibm_tsm_cad_header.rb
References (11)
Scores
EPSS
0.8894
EPSS Percentile
99.5%
Details
CWE
CWE-119
Status
published
Products (8)
ibm/tivoli_storage_manager_client
5.1
ibm/tivoli_storage_manager_client
5.1.8.0
ibm/tivoli_storage_manager_client
5.2
ibm/tivoli_storage_manager_client
5.2.5.1
ibm/tivoli_storage_manager_client
5.3
ibm/tivoli_storage_manager_client
5.3.5.2
ibm/tivoli_storage_manager_client
5.4
ibm/tivoli_storage_manager_client
5.4.1.1
Published
Sep 28, 2007
Tracked Since
Feb 18, 2026