Exim contains a flaw in the expansion of arguments to math comparison functions, which can result in the values being doubled.
The end result is that an attacker can perform a local command execution if they are able to perform a look-up using Exim against files that they can edit. In some cases, such as Exim being bundled with cPanel, the local command execution can actually lead to a root compromise as the Exim look-up is being done by the root user.
Impact:
We have deemed this vulnerability to be rated as HIGH due to the fact that a user can perform local commands under certain circumstances.
Vulnerable Version:
This vulnerability was tested against Exim 4.82 and is believed to exist in all previous versions.
Fixed Version:
This vulnerability was patched in Exim 4.83.
source:Rack 911
