CWE-422 - Unprotected Windows Messaging Channel ('Shatter')
CWE-422
- Abstraction:
- Variant
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Unprotected Windows Messaging Channel ('Shatter')
- Description
The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
- Common Consequences
Scope: Access Control
Impact: Gain Privileges or Assume Identity, Bypass Protection Mechanism
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-06-29
Free security scan for your website