This document summarizes a vulnerability (CVE-2013-2556) that allows bypassing of address space layout randomization (ASLR). It discusses how on 32-bit Windows, a fixed pointer to KiFastSystemCall could be leveraged, and on 32-bit processes on 64-bit Windows, a fixed pointer to LdrHotPatchRoutine could be used to load arbitrary DLLs. Microsoft patch MS13-063 addressed this by removing the fixed pointer to LdrHotPatchRoutine and making its location randomized.