Buffer overflow on TTF fonts parsing, OLE objects memory corruption, CSRSS and kernel privilege escalations, ActiveX code execution.
vulners.com/securityvulns/securityvulns:doc:27471
vulners.com/securityvulns/securityvulns:doc:27472