Abstract

Everyone loves COM; it has so many weird behaviors and features that every time I go digging there’s more to find. This presentation is a deep-dive into the greatest hits of the past 12 months of me taking COM to task, including the following: executing arbitrary code in a COM process with only memory read access, using esoteric, badly designed, hidden features to escape sandboxes, the continuing story of cross-session exploits, abusing COM marshaling primitives, new methods of persistence, and many more.

Some of these topics are bugs which, while fixed, will give you an insight
into similar bug classes. Other topics are most certainly features
which will be in COM for the foreseeable future.