Two friends of mine Max and Ivan from Core Security talk with SC magazine about one of the weaknesses that Microsoft has not been able to completely close in Vista.
Good article and they are spot on about the ASLR issue. It randomizes memory utilization to help minimize the potential effectiveness (an attempt to get rid of them completely) of buffer overflow attacks. If it is used it will stop a lot and I would put it easily in the 80-90% effectiveness category but not perfect.
This is why I have been pointing to the solution offered by Determina for a while in this category. To be honest I am surprised Microsoft has hasn't bought them yet and integrated their product. I haven't been able to find any instance in which it didn't work to stop the overflow and it protects all the applications on the system.
I just discovered that Determina has started up a blog. If you get a chance Sandy or Alex why don't you tell us what the difference is between what you do and what he standard memory randomization methods do?