The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device.
/* deslock-dlpcryptc
*
* Copyright (c) 2009 by <mu-b@digit-labsorg>
*
* DESlock+ 402 local kernel SYSTEM exploit
* by mu-b - Thu 18 Jun 2009
*
* - Tested on: dlpcryptsys 01127
*
* text:0001BB2E: 'what do ya want for nothing?'
* - hmmm, something that doesn't pass kernel mode pointers
* between kernel and userland?
*
...