Security experts Chris Valasek and Ryan Smith have revealed how they are able to bypass Windows' heap-exploitation mitigation feature. They have presented their findings at the hacker conference Infiltrate. Their discovery allowed them to exploit a vulnerability in Internet Information Services (IIS) 7 (since patched) to inject malicious code and prove that Microsoft's initial assessment that exploitation of the vulnerability could at worst only crash the server was wide of the mark.
