This proof of concept exploit triggers a null pointer vulnerability in OffsetChildren on Windows 7 32-bit. By mapping the null page an attacker can leverage this vulnerability to write to an arbitrary address.
930c6248c06d0f17df00bdda4843801b8c2604cfcf1b9138399dbc83fe37120b