In a previous article, I explained use-after-free (UAF) vulnerabilities and why they are a common bug, especially in large and complex codebases such as Internet Explorer (IE). Because of this, a number of targeted attacks were found to be leveraging zero-day UAF vulnerabilities to infiltrate their targets. This year alone, two well-publicized campaigns leveraged a zero-day IE UAF vulnerability: Operation SnowMan (CVE-2014-0322) in February and Operation Clandestine Fox (CVE-2014-1776) in April.
As a response to these IE UAF vulnerability discoveries and their role in multiple zero-day attacks, Microsoft introduced two exploit mitigations that aim to increase the cost of exploiting IE UAF vulnerabilities.
more here..............http://securityintelligence.com/understanding-ies-new-exploit-mitigations-the-memory-protector-and-the-isolated-heap/#.VACZd_ldWSo
As a response to these IE UAF vulnerability discoveries and their role in multiple zero-day attacks, Microsoft introduced two exploit mitigations that aim to increase the cost of exploiting IE UAF vulnerabilities.
more here..............http://securityintelligence.com/understanding-ies-new-exploit-mitigations-the-memory-protector-and-the-isolated-heap/#.VACZd_ldWSo