CWE-422: Unprotected Windows Messaging Channel ('Shatter')

ID CWE-422
Abstraction Variant
Structure Simple
Status Draft
The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.

Modes of Introduction

Phase | Note
Architecture and Design |

Applicable Platforms

Type | Class | Name | Prevalence
Language | Not Language-Specific | |


View ID | View | View Status | Weakness ID | Weakness Name | Abstraction | Structure | Weakness Status
CWE-1000 | Research Concepts | Draft | CWE-420 | Unprotected Alternate Channel | Base | Simple | Draft
CWE-1000 | Research Concepts | Draft | CWE-360 | Trust of System Event Data | Base | Simple | Incomplete