This whitepaper covers a new technique that utilizes DLL
injection to inject a custom DLL into a running vulnerable process
to add a POP POP RET sequence in the scenario that the vulnerable
program does not include any null byte free sequences. This is a
useful technique to exploit SEH buffer overflow attacks
successfully.
Read more https://packetstormsecurity.com/files/155757/bypassing-nullbyte.pdf