Buffer overflow during font files parsing, buffer overflow in CSRSS (Win32 execution subsystem), privilege escalation.
vulners.com/securityvulns/securityvulns:doc:8308
vulners.com/securityvulns/securityvulns:doc:8309