Security researchers have defeated vulnerability protections baked into the
latest versions of Internet Explorer, demonstrating that it's possible to poke
holes in a safety net that's widely relied on to keep end users safe from
drive-by exploits.
By exploiting weaknesses in Adobe Systems' Flash Player, researchers have
devised two separate attacks that bypass mitigations Microsoft put into IE 7 and
8. Known as ASLR, or address space layout randomization, and DEP, or data
execution prevention, the technologies are designed to lessen the severity of
bugs by making it hard for them to cause the execution of malicious code.