High severity7.8CISA KEVNVD Advisory· Published Jan 21, 2010· Updated Apr 22, 2026

CVE-2010-0232

Description

The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."

Affected products

Microsoft/Windows 2000
cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
Microsoft/Windows 7
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x86:*
Microsoft/Windows Xp2 versions
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:-:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:-:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.microsoft.com/technet/security/advisory/979682.mspxnvdBroken LinkPatchVendor Advisory
docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-015nvdPatchVendor Advisory
lock.cmpxchg8b.com/c0af0967d904cef2ad4db766a00bc6af/KiTrap0D.zipnvdBroken LinkExploit
seclists.org/fulldisclosure/2010/Jan/341nvdExploitMailing ListThird Party Advisory
www.securityfocus.com/bid/37864nvdBroken LinkExploitThird Party AdvisoryVDB Entry
secunia.com/advisories/38265nvdBroken LinkVendor Advisory
securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/509106/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
www.us-cert.gov/cas/techalerts/TA10-040A.htmlnvdThird Party AdvisoryUS Government Resource
www.vupen.com/english/advisories/2010/0179nvdBroken LinkVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/55742nvdThird Party AdvisoryVDB Entry
blogs.technet.com/msrc/archive/2010/01/20/security-advisory-979682-released.aspxnvdBroken Link
lists.immunitysec.com/pipermail/dailydave/2010-January/006000.htmlnvdBroken Link
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8344nvdBroken Link
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.059
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000