CWE-422: Unprotected Windows Messaging Channel ('Shatter')
ID
CWE-422
Abstraction
Variant
Structure
Simple
Status
Draft
The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
Modes of Introduction
Phase | Note |
---|---|
Architecture and Design |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Not Language-Specific |
Loading...