The Windows Font Cache Service exposes section objects insecurely to low privileged users resulting in elevation of privilege.
dcd4603b5df7584c96b28ba89a54652b0a598775dce738ad4fce99ceb40bfde3
Microsoft Windows suffers from a CmpAddRemoveContainerToCLFSLog arbitrary file and directory creation vulnerability that allows for elevation of privilege.
e9fe2f31e8d857a922afac6a9b0dc08c238b42596dd0c0b56fd16a1c45e94752