Exim has a stack-based buffer overflow. A remote attacker can execute arbitrary code on the system of the service with the system privilege via malicious e-mail. It is dependent on setting ?verify = header_syntax? in the exim.conf configuration file, which is not the default setting.
Exim 3.35, and other versions before 4
Gain unauthorised access to the victim system.
Upgrade to the latest version of exim (3.35-3woody2 or later).