A short paper discussing the exploitation of vulnerabilities in which a null byte is written past the end of a dynamically allocated buffer.
You can download it from the following link: https://packetstormsecurity.com/files/download/31279/heap_off_by_one.txt
Source: https://packetstormsecurity.com/files/31279/heap_off_by_one.txt.html