Adam Boileau

**Name of the Vulnerable Software and Affected Versions** Asterisk versions 1.0.x through 1.0.11 Asterisk versions 1.2.x through 1.2.12 **Description** The issue is related to an integer overflow in the get input function within the Skinny channel driver, which can be exploited by remote attackers to execute arbitrary code. This is achieved by providing a specific dlen value that bypasses a signed integer comparison, resulting in a heap-based buffer overflow. **Recommendations** For Asterisk versions 1.0.x through 1.0.11, update to version 1.0.12 or later. For Asterisk versions 1.2.x through 1.2.12, update to version 1.2.13 or later.

Name of the Vulnerable Software and Affected Versions: Windows Vista Linux-based operating systems (affected versions not specified) Description: A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions. This issue was reported to affect Windows Vista in 2008. Some Linux-based operating systems have protection mechanisms against this attack. Recommendations: For Windows Vista, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Linux-based operating systems, ensure that protection mechanisms against this attack are enabled and properly configured.