Is priveleged application doesn't check system messages data it may be possible to execute code in application context by setting callback functions or excluding limits causing buffer overflws.
vulners.com/securityvulns/securityvulns:doc:3401
vulners.com/securityvulns/securityvulns:doc:3864
vulners.com/securityvulns/securityvulns:doc:3871
vulners.com/securityvulns/securityvulns:doc:4912
vulners.com/securityvulns/securityvulns:doc:4995
vulners.com/securityvulns/securityvulns:doc:5291