Unrated severityNVD Advisory· Published Dec 16, 2010· Updated Apr 29, 2026

CVE-2010-3940

Description

Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Double free vulnerability in win32k.sys in Windows kernel-mode drivers allows local privilege escalation.

Vulnerability

A double free vulnerability exists in the win32k.sys kernel-mode driver in Microsoft Windows. The flaw occurs when the system improperly frees memory that is still in use, specifically in the handling of PFE pointers. This vulnerability affects Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 [1].

Exploitation

An attacker must have valid logon credentials and be able to log on locally to the target system. The attacker then runs a specially crafted application that triggers the double free condition [1]. No remote exploitation or user interaction beyond local access is required.

Impact

Successful exploitation allows a local attacker to gain elevated privileges, potentially executing code with system-level access. This could lead to full compromise of the affected system [1][2].

Mitigation

Microsoft released security update MS10-098 on December 14, 2010 to address this vulnerability. The update corrects the memory management issue in win32k.sys. Customers with automatic updating enabled will receive the update automatically; others should install it manually via Microsoft Update [1][2]. No workarounds are documented if the update is not applied.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Microsoft/Windows Server 20033 versions
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Microsoft/Windows 72 versions
cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
Microsoft/Windows Server 20088 versions
cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*+ 7 more
- cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
Microsoft/Windows Vista3 versions
cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
Microsoft/Windows Xp2 versions
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Microsoft/win32k.sysllm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000