Asterisk Project Security Advisory – A common usage of the ${EXTEN} channel variable in a dialplan with wildcard pattern matches can lead to a possible string injection vulnerability. By having a wildcard match in a dialplan, it is possible to allow unintended calls to be executed.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/86478/AST-2010-002.txt
Source: https://packetstormsecurity.com/files/86478/Asterisk-Project-Security-Advisory-AST-2010-002.html