http://blogs.technet.com/msrc/archive/2009/09/08/microsoft-security-advisory-975497-released.aspx. IX. CREDITS ————————- This vulnerability has been discovered by Laurent Gaffié Laurent.gaffie{remove-this}(at)gmail.com. X. REVISION HISTORY …. He received a reply saying that no patch was available along with a workaround and he decided to post the exploit live anyway instead of waiting until it was fixed? Could a person be any more of a jerk? …

For more information about the details of this vulnerability, please read the security advisory AST-2009-008, which was released at the same time as this announcement. The releases of Asterisk 1.4.26.3, 1.6.0.17, and 1.6.1.9 include the fix … The releases of Asterisk 1.4.26.3, 1.6.0.17, and 1.6.1.9 include the fix described in security advisory AST-2009-008, and also contain a fix where it may be possible for someone to execute a cross-site AJAX request exploit. …

To exploit this vulnerability, an attacker must be able to run code on the target system. IV. Workaround An errata notice, FreeBSD-EN-09:05.null has been released simultaneously to this advisory, and contains a kernel patch implementing …