http://zhodiac.hispahack.com/my-stuff/security/Flash_ASLR_bypass.pdf TLR Flash is vulnerable to a reliable info leak that allows ASLR to be bypassed making exploitation of other vulnerabilities, on browsers, Acrobat Reader, MS Office and any process that can host Flash, trivial like in the old days where no security mitigations were available. Patch immediately (My personal note) I think it's silly when these get called "ASLR bypasses" because people get confused. This didn't really bypass ASLR, ASLR just wasn't fully supported. Had ASLR been fully supported it would have made this far less viable. It also highlights that a single area of address space not supporting ASLR (though the initial exploit wouldn't' care about ASLR) is often all it takes to construct ROP - so consider what you inject into processes, a single non-aslr DLL undermines the security of the entire program.