ASLR bypassing has become more and more common in Zero-Day attacks. The easiest and most popular way to defeat ASLR protection is loading a non-ASLR module. The technique requires that IE 8 and IE 9 must be running with old software such as JRE 1.6, Office 2007/2010. The Adobe XFA 0day exploit uses this technique to find the AcroFormbase address and buildsROP chain dynamically to bypass ASLR and DEP. Another technique involves the modification of the BSTR length/null terminator.
Source: https://thehackernews.com/2013/10/aslr-bypass-techniques-are-popular-with.html