CWE-422
Unprotected Windows Messaging Channel ('Shatter')
The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
Status
draft
Abstraction
variant
Common Consequences
access control
Impacts
gain privileges or assume identity
bypass protection mechanism
Potential Mitigations
Phases:
architecture and design
Descriptions:
• Always verify and authenticate the source of the message.