High severity · 7.8 · NVD Advisory · Published Aug 11, 2010 · Updated Apr 29, 2026

CVE-2010-1889

Description

Double free vulnerability in Windows kernel allows local users to gain privileges via a crafted application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A double free vulnerability exists in the Windows kernel, affecting Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 [1]. The issue lies in the error handling performed during object initialization: when a crafted application triggers specific error paths, the kernel reaches a double free condition [1].

Exploitation

An attacker must have valid logon credentials and be able to log on locally to the system [1]. The attacker runs a specially crafted application that triggers the double free vulnerability in the kernel [1].

Impact

Successful exploitation could allow an attacker to elevate privileges and gain complete control of the affected system [1]. This includes the ability to install programs, view/change/delete data, or create new accounts with full user rights [1].

Mitigation

Microsoft released security update MS10-047 to address this vulnerability on August 10, 2010 [1]. Customers with automatic updating enabled will have the update applied automatically. Manual installation is recommended for those without automatic updating. No workaround is mentioned; applying the update is the only mitigation [1].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

12
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:* (+ 6 more)
    • cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
  • Microsoft/Windows (5 versions)
    cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:* (+ 4 more)
    • cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
    • (no CPE) range: Vista SP1/SP2, Server 2008 Gold/SP2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3