1 comment

[ 2.6 ms ] story [ 15.0 ms ] thread
Is exim installed as an active local MTA on desktops? If so then this is a trivial local escalation, if not then it's probably most significant when a box is already breached by other means.

I think the main place I'd worry about this is web hosts using a default cPanel config - if they're not already patched past the vulnerable version then compromise of the whole server may take nothing more than a script on a compromised WordPress site.