This Metasploit module exploits a stack overflow in the IBM Tivoli Storage Manager Express CAD Service. By sending a "ping" packet containing a long string, an attacker can execute arbitrary code. NOTE: the dsmcad.exe service must be in a particular state (CadWaitingStatus = 1) in order for the vulnerable code to be reached. This state doesn't appear to be reachable when the TSM server is not running. This service does not restart.
8a10ef51f9a242610ead82abda18b323770c190feb98597aba24f56a8407f14a