CVE-2002-1381 | Vulnerability Database | Aqua Security

Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.

Affected Software

Name	Vendor	Start Version	End Version
Exim	University_of_cambridge	3.35 (including)	3.35 (including)
Exim	University_of_cambridge	3.36 (including)	3.36 (including)
Exim	University_of_cambridge	4.10 (including)	4.10 (including)

References

http://groups.yahoo.com/group/exim-users/message/42358
http://marc.info/?l=bugtraq\u0026m=103903403527788\u0026w=2
http://marc.info/?l=bugtraq\u0026m=104006219018664\u0026w=2
http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html
http://www.securityfocus.com/bid/6314
https://exchange.xforce.ibmcloud.com/vulnerabilities/10761
http://groups.yahoo.com/group/exim-users/message/42358
http://marc.info/?l=bugtraq\u0026m=103903403527788\u0026w=2
http://marc.info/?l=bugtraq\u0026m=104006219018664\u0026w=2
http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html
http://www.securityfocus.com/bid/6314
https://exchange.xforce.ibmcloud.com/vulnerabilities/10761

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-1381
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html