Credit: Fermin Serna
Fermin demonstrated and documented in exquisite detail how to turn a lossy out-of-bounds memory read vulnerability into full chosen-address memory disclosure. He showed how proper heap manipulation and creativity can build a limited exploitation primitive into a much more powerful one. Oh right, we are supposed to make jokes about these. Too bad nothing actually runs Flash.