Credit: Unknown
This exploit was first captured in the wild by Sergey Kononenko. It exploited a buffer overflow in the logging functionality of Exim to gain code execution on the server. The exploit was interesting, because instead of hijacking EIP, the attacker overwrites an internal data structure with a shell command that is executed when the server processes the next message.