Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
https://exchange.xforce.ibmcloud.com/vulnerabilities/10761
http://www.securityfocus.com/bid/6314
http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html