EMET is Microsoft's tool to make exploits more difficult by adding protections like DEP and ASLR. However, the document outlines how an attacker could bypass EMET protections and disable them using return-oriented programming. The attacker identifies a vulnerability in Firebird that provides enough space for payload. Despite EMET protections, the attacker is able to craft a 19 gadget ROP chain to dynamically resolve EMET's base address and modify configuration offsets to disable protections. A demonstration shows it working to exploit a system with EMET installed. Later EMET versions addressed this by storing configuration in randomized memory.