A flaw was found in Exim versions 4.87 to 4.91 . Improper validation of recipient address in deliver_message function in /src/deliver.c may lead to remote command execution. Fixed In Version:¶ exim 4.92