The Microsoft Windows kernel suffers from an invalid read in nt!MiRelocateImage while parsing a malformed PE file.
14cc97653808a5e83777838181351383480596c1a9ab0edd737615c558008d89
On Microsoft Windows, the LsapGetClientInfo API in LSASRV will fallback and directly capture a caller's impersonation token if it fails to impersonate, leading to elevation of privilege if the impersonation level is not checked.
4f77530c88d7c141599b603fabccbde4f773bc1697a54702749961ba91a1346a