CVE-2010-0233

Microsoft Windows - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0233. PoCs published by Tavis Ormandy.

AI-analyzed exploit summary This exploit demonstrates a local privilege escalation vulnerability in the Windows kernel via a double-free bug in NtFilterToken(). It triggers the vulnerability by manipulating TOKEN_GROUPS structures to cause a use-after-free condition.

Description

Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tavis Ormandy · clocalwindows
https://www.exploit-db.com/exploits/33593

This exploit demonstrates a local privilege escalation vulnerability in the Windows kernel via a double-free bug in NtFilterToken(). It triggers the vulnerability by manipulating TOKEN_GROUPS structures to cause a use-after-free condition.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target: Microsoft Windows (kernel)
No auth needed
Prerequisites: Local access to the target system
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8392
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA10-040A.html

Scores

EPSS 0.0270
EPSS Percentile 83.9%

Details

Status published
Products (9)
microsoft/windows_2000 sp4
microsoft/windows_server_2003
microsoft/windows_server_2008 (5 CPE variants)
microsoft/windows_server_2008 sp2 x32
microsoft/windows_vista
microsoft/windows_vista sp1
microsoft/windows_vista sp2
microsoft/windows_xp
microsoft/windows_xp sp3
Published Feb 10, 2010
Tracked Since Feb 18, 2026