Synthesis
A Proof of Concept (PoC) is available for CVE-2024-39929, a vulnerability in Exim, a Mail Transfer Agent (MTA) used on Unix-like systems. The vulnerability, caused by incorrect parsing of RFC 2231 headers, could allow a remote attacker to bypass security mechanisms and deliver malicious executables to end users' mailboxes.
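The following is an added example and not Exim code or part of the original advisory. It shows, from the filter's side, why an attachment-extension check has to run on the fully decoded filename: RFC 2231 allows the filename parameter to be split into numbered continuations (filename*0*, filename*1*, ...) with a charset prefix, so a check that only looks for a literal `filename=` token never sees the real name. Both sample messages, the block list and the function names are constructed for this example; the decoding is done by Python's standard `email` package.

```python
"""Attachment extension check run on the RFC 2231-decoded filename.

Added example, not Exim code. Compares a naive check that greps the raw
header for a literal filename= token with a check that uses the standard
email package, which reassembles RFC 2231 continuations and charsets.
"""
import email
import os
import re

# Hypothetical block list for this example (an assumption, not Exim's config).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".pif"}

# Constructed sample: attachment filename given as a plain quoted parameter.
PLAIN_MESSAGE = """\
From: sender@example.invalid
To: user@example.invalid
Subject: plain filename
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attachment
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.exe"

AAAA
--b1--
"""

# Constructed sample: same filename carried as RFC 2231 continuations
# across a folded (multi-line) Content-Disposition header.
RFC2231_MESSAGE = """\
From: sender@example.invalid
To: user@example.invalid
Subject: rfc2231 continued filename
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: application/octet-stream
Content-Disposition: attachment;
 filename*0*=utf-8''report;
 filename*1*=.exe

AAAA
--b2--
"""

# Matches only the plain form: filename="..." or filename=...
_PLAIN_FILENAME = re.compile(r'(?i)filename="?([^";\r\n]+)"?')


def naive_filenames(raw_message):
    """Filenames a raw-header grep sees; misses RFC 2231 encoded parameters."""
    return _PLAIN_FILENAME.findall(raw_message)


def decoded_filenames(raw_message):
    """Filenames after the email package decodes RFC 2231 continuations."""
    msg = email.message_from_string(raw_message)
    names = []
    for part in msg.walk():
        name = part.get_filename()  # collapses filename*N* parts and charset
        if name:
            names.append(name)
    return names


def blocked_names(names):
    """Subset of names whose extension is on the block list."""
    return [n for n in names if os.path.splitext(n.lower())[1] in BLOCKED_EXTENSIONS]


def verdict(raw_message):
    """'reject' if any decoded attachment name has a blocked extension."""
    return "reject" if blocked_names(decoded_filenames(raw_message)) else "accept"


if __name__ == "__main__":
    for label, raw in (("plain", PLAIN_MESSAGE), ("rfc2231", RFC2231_MESSAGE)):
        print(label, "naive:", naive_filenames(raw),
              "decoded:", decoded_filenames(raw), "->", verdict(raw))
```

The naive grep finds nothing in the second message, so a filter built on it would accept the mail; the decoded check reassembles the continuations into the same filename as the first message and rejects both. The design point is to normalise first and check second: any filename-based policy belongs after the MIME layer has finished decoding.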
Risk
Estimated impact of the vulnerability on the reference community: HIGH/ORANGE (71.92/100) [1].
Type
- Arbitrary Code Execution
- Security Restrictions Bypass
Affected products and versions
Exim, versions prior to 4.98
Mitigation actions
It is recommended to update vulnerable products to the latest available version.
Unique vulnerability identifiers
CVE-2024-39929
References
https://www.exim.org/download.html
[1] This estimate takes into account various parameters, including the CVSS score, the availability of patches/workarounds and of a PoC, and the prevalence of the affected software/devices in the reference community.