A vulnerability in Apache SpamAssassin could allow a local attacker to execute arbitrary code on a targeted system.
The vulnerability is due to a code injection condition in the meta rule syntax that exists when rules are processed by the affected software. An attacker could exploit this vulnerability by supplying malicious data to a targeted system. A successful exploit could allow the attacker to execute arbitrary code.
Apache has confirmed the vulnerability and released software updates.
Security Impact Rating: High