CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code

ID CWE-781
Abstraction Variant
Structure Simple
Status Draft
The product defines an IOCTL that uses METHOD_NEITHER for I/O, but it does not validate or incorrectly validates the addresses that are provided.

When an IOCTL uses the METHOD_NEITHER option for I/O control, it is the responsibility of the IOCTL to validate the addresses that have been supplied to it. If validation is missing or incorrect, attackers can supply arbitrary memory addresses, leading to code execution or a denial of service.
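
The following is an added example, not part of the CWE entry: a portable user-mode C model of the whole-range address check a METHOD_NEITHER handler must perform, next to a start-address-only check that is an instance of incorrect validation. The function names and MODEL_USER_LIMIT are constructed for illustration; a real Windows driver would call ProbeForRead or ProbeForWrite inside a __try/__except block instead of hand-rolling the comparison.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed limit for this model: first address above user space.
   A real driver gets this comparison from ProbeForRead/ProbeForWrite. */
#define MODEL_USER_LIMIT 0x00007FFFFFFF0000ULL

typedef enum { ADDR_OK, ADDR_EMPTY, ADDR_MISALIGNED, ADDR_OVERFLOW, ADDR_KERNEL } addr_status;

/* Incorrect validation: looks only at the start address, so a range that
   begins in user space but extends past the limit, or wraps, is accepted. */
bool weak_check(uint64_t addr, uint64_t len)
{
    (void)len;
    return addr < MODEL_USER_LIMIT;
}

/* Correct validation of the whole range [addr, addr + len). */
addr_status check_user_range(uint64_t addr, uint64_t len, uint64_t align)
{
    if (len == 0)
        return ADDR_EMPTY;                 /* nothing may be dereferenced */
    if (align == 0 || (align & (align - 1)) != 0 || (addr & (align - 1)) != 0)
        return ADDR_MISALIGNED;            /* align must be a power of two */
    uint64_t end = addr + len;
    if (end < addr)
        return ADDR_OVERFLOW;              /* addr + len wrapped past 2^64 */
    if (end > MODEL_USER_LIMIT)
        return ADDR_KERNEL;                /* range reaches kernel space */
    return ADDR_OK;
}

int main(void)
{
    /* Constructed sample (address, length) pairs as a caller could pass them. */
    const uint64_t samples[][2] = {
        { 0x0000000000401000ULL, 64 },                    /* ordinary user buffer */
        { MODEL_USER_LIMIT - 8,  64 },                    /* ends above user space */
        { 0x0000000000001000ULL, 0xFFFFFFFFFFFFF000ULL }, /* end address wraps */
        { 0xFFFF800000000000ULL, 8 },                     /* kernel address */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%#018llx len=%#llx weak=%d strict=%d\n",
               (unsigned long long)samples[i][0], (unsigned long long)samples[i][1],
               weak_check(samples[i][0], samples[i][1]),
               check_user_range(samples[i][0], samples[i][1], 4));
    return 0;
}
```

Passing the range check is only the first step: the handler should then copy the data into kernel memory once and work on that copy, so the caller cannot change it after validation.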

Modes of Introduction

Phase Note
Implementation

Applicable Platforms

Type Class Name Prevalence
Language C
Language C++
Operating_system Windows NT

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input Base Simple Incomplete
CWE-1000 Research Concepts Draft CWE-822 Untrusted Pointer Dereference Base Simple Incomplete