The function win32k!IsHandleEntrySecure() doesn't properly check if 'pW32Job' field of 'tagPROCESSINFO' structure for current process contains non-zero value. This allows unprivileged local user to cause null dereference in kernel mode, which produces a BSoD.

When a crafted TTF file is processed by Windows kernel it produces a integer overflow finishing it in a BSoD.

When the win32k.NtGdiScaleViewportExtEx function uses to divide one crafted parameter sent from user, the final result is a "divide error exception" that produces a BSoD.

A double free condition in win32k.sys can be triggered by first linking and then destroying a set of Cursor Objects. This allows unprivileged local user to cause null dereference in kernel mode, which produces a BSoD.

When a crafted TTF file is processed by Windows kernel it produces a stack exhaustion finishing it in a BSoD.

This module causes a BSOD in Microsoft Windows when parsing a specially crafted .TTF font file.

A denial of service vulnerability exists in the Windows kernel due to the manner in which the kernel processes the values of symbolic links. This module exploits the vulnerability, causing the system to become unresponsive and automatically restart.

This module exploits a kernel stack exhaustion in Microsoft Windows when parsing a specially crafted OpenType font file.

The OpenType Font driver in Microsoft Windows doesn't sufficiently validate user supplied input, leading to a denial of service vulnerability.

A double free vulnerability in the OpenType Font (OTF) driver in Windows could allow local users to escalate their privileges via a specially crafted OpenType font.