Matthew Nicholson discovered a buffer overflow in the SIP channel driver of Asterisk, an open source PBX and telephony toolkit, which could lead to the execution of arbitrary code.