The 2013 Pwnie Nominee For Best Server-Side Bug

Asterisk Stack Overflow (CVE-2012-5976)

Credit: drraid

Last November, drraid demonstrated the exploitation of a server-side bug in Asterisk, which really liked putting HTTP request buffers all over its stack. He used multiple threads to disclose memory and control EIP despite the PIE ASLR protections in the Linux kernel.