CWE-422

Unprotected Windows Messaging Channel ('Shatter')

VariantDraft

Description

The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.

Hierarchy (View 1000)

Parents

CWE-420
CWE-360

Children

none

CVEs mapped to this weakness (0)

No CVEs match the current filter.