For those who like to keep abreast of security issues, there are
interesting developments happening at BlackHat with regards to Cisco
IOS and its vulnerability to arbitrary code executions.
I apologize for the article itself being brief and lean on technical
details, but allow me to say that it does represent a real problem
(as in practical and confirmed):
Yes, practical _and_ confirmed, but you'll never get $vendor to
admit it, which is the problem to begin with.