Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905.
osvdb.org/38161
secunia.com/advisories/26883
securityreason.com/securityalert/3184
www-1.ibm.com/support/docview.wss?uid=swg21268775
www-1.ibm.com/support/search.wss?rs=0&q=IC52905&apar=only
www.securityfocus.com/archive/1/480492
www.securityfocus.com/bid/25743
www.securitytracker.com/id?1018725
www.vupen.com/english/advisories/2007/3228
www.zerodayinitiative.com/advisories/ZDI-07-054.html
exchange.xforce.ibmcloud.com/vulnerabilities/36700