The internal string handling functions of the Exim software contain a function called string_format(). The version of this function included with Exim versions prior to 4.70 contains a flaw that can result in a buffer overflow. This module exploits the vulnerability to run commands as the "Debian-exim" user. Afterwards, this module attempts to exploit the Alternate Configuration Privilege Escalation Vulnerability (CVE-2010-4345). If the second exploit is successful, an agent is installed with root privileges.