Address Space Layout Randomization (ASLR) randomizes the memory locations of a program's important components (its executable image, loaded libraries, stacks and heaps), making it difficult for an attacker to know where those components are in order to exploit them. ASLR is one of the most effective mitigations against a Windows security breach. However, current trends in malware show a shift toward an ASLR bypass technique. The technique exploits common programming mistakes that lead to memory corruption, that is, the contents of a memory location being inadvertently changed.
Nearly 10 percent of application crashes on Windows systems are due to memory corruption. When such a corruption bug exists, the malware uses it to work out where the crashing application's library sits in memory: it locates a pointer into that library (for example a function or vtable pointer stored in a corrupted object) and reads it. Because ASLR moves a library as a single unit, the layout inside it is fixed, so one disclosed pointer, minus its known offset from the library's base, reveals where the whole library is, and with it every routine an exploit needs.
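The following is an added illustration of that leak-and-compute step, not code from the original article or from any real malware. It models a library with two routines in a single executable, plants a code pointer directly behind a text buffer (the shape of a C++ object with inline data followed by a vtable pointer), and uses a constructed over-read bug to disclose that pointer. The struct, function names and sample record are all assumptions made for the example; `module_delta()` stands in for the offset an attacker would read off the library file on disk, which ASLR never changes because it relocates the whole module as one block.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Two routines that live in the same module (here: this executable).
 * ASLR relocates the whole module as one unit, so the distance between
 * them is identical in every run and in every copy of the binary. */
static void default_handler(void)   { puts("default handler"); }
static void privileged_action(void) { puts("privileged action"); }

/* Constructed object layout: a code pointer stored right behind a text
 * buffer, the way a vtable pointer can follow inline data in a C++ object. */
struct record {
    char name[16];
    void (*handler)(void);
};

/* VULNERABLE: n is never clamped to sizeof r->name, so an oversized read
 * copies the bytes of r->handler into the caller's buffer. */
static void leak_record_name(const struct record *r, unsigned char *out, size_t n)
{
    memcpy(out, r->name, n);
}

/* HARDENED: the read can never extend past the name field; returns bytes copied. */
static size_t read_record_name(const struct record *r, unsigned char *out, size_t n)
{
    if (n > sizeof r->name)
        n = sizeof r->name;
    memcpy(out, r->name, n);
    return n;
}

/* Stand-in for offline analysis: an attacker obtains this constant from the
 * module file on disk (e.g. with a disassembler). ASLR does not alter it. */
intptr_t module_delta(void)
{
    return (intptr_t)((uintptr_t)privileged_action - (uintptr_t)default_handler);
}

/* Attacker step 1: pull the code pointer out of the over-read bytes. */
uintptr_t leaked_code_pointer(const struct record *r)
{
    unsigned char buf[sizeof(struct record)];
    uintptr_t p;
    leak_record_name(r, buf, sizeof buf);           /* over-read past name[] */
    memcpy(&p, buf + offsetof(struct record, handler), sizeof p);
    return p;
}

/* Attacker step 2: leaked pointer + fixed offset = address of a routine
 * that was never disclosed, despite ASLR. */
uintptr_t recover_address(const struct record *r)
{
    return (uintptr_t)((intptr_t)leaked_code_pointer(r) + module_delta());
}

/* Constructed sample object. */
static struct record sample_record(void)
{
    struct record r;
    memset(&r, 0, sizeof r);
    strcpy(r.name, "alice");
    r.handler = default_handler;
    return r;
}

/* 1 if the recovered address really is privileged_action. */
int exploit_succeeds(void)
{
    struct record r = sample_record();
    return recover_address(&r) == (uintptr_t)privileged_action;
}

/* 0 if the bounded reader refused to hand out any byte past the name. */
int hardened_exposes_pointer(void)
{
    struct record r = sample_record();
    unsigned char buf[sizeof(struct record)];
    return read_record_name(&r, buf, sizeof buf) > sizeof r.name;
}

int main(void)
{
    struct record r = sample_record();
    printf("leaked handler        : %p\n", (void *)leaked_code_pointer(&r));
    printf("real privileged_action: %p\n", (void *)(uintptr_t)privileged_action);
    printf("recovered from leak   : %p\n", (void *)recover_address(&r));
    printf("exploit succeeds: %d, hardened read leaks pointer: %d\n",
           exploit_succeeds(), hardened_exposes_pointer());
    return 0;
}
```

Run the binary twice on a system with ASLR (a PIE build on Linux, or any Windows build with dynamic base enabled): the printed addresses change between runs, yet the recovered address matches `privileged_action` every time, because only the module base moved. The hardened reader shows the fix the article's argument implies: a disclosure bug is only useful for an ASLR bypass if it can reach bytes that hold a pointer, so bounding the read removes the leak.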
Given the sophistication of this type of attack, the most likely attackers using this method are state-sponsored groups and those who are paid handsomely to steal sensitive documents from large organizations, defense contractors and government agencies.