A couple of months ago a RTF 0-day was used in attacks and to bypass ASLR (Address Space Layout Randomization) it was using a non-ASLR module MSCOMCTL.OCX.  This got me interested to research into how it was actually loading up and discover if there were any more modules that could be used in the future…