CWE-360: Trust of System Event Data

Security based on event locations are insecure and can be spoofed.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

High

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

Events are a messaging system which may provide control data to programs listening for events. Events often do not have any type of authentication framework to allow them to be verified from a trusted source. Any application, in Windows, on a given desktop can send a message to any window on the same desktop. There is no authentication framework for these messages. Therefore, any message can be used to manipulate any process on the desktop if the process does not check the validity and safeness of those messages.

CWE-360: Trust of System Event Data

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-360?

What CVEs are caused by CWE-360?

How do you prevent CWE-360?

What are the consequences of CWE-360?

Is CWE-360 actively exploited?

References

Stay ahead of CWE-360

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-360?

What CVEs are caused by CWE-360?

How do you prevent CWE-360?

What are the consequences of CWE-360?

Is CWE-360 actively exploited?

References

Stay ahead of CWE-360