CWE-422: Unprotected Windows Messaging Channel ('Shatter')

The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

CWE-422 (Unprotected Windows Messaging Channel ('Shatter')) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

CWE-422: Unprotected Windows Messaging Channel ('Shatter')

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-422?

What CVEs are caused by CWE-422?

How do you prevent CWE-422?

What are the consequences of CWE-422?

Is CWE-422 actively exploited?

References

Stay ahead of CWE-422

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Illustrative examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-422?

What CVEs are caused by CWE-422?

How do you prevent CWE-422?

What are the consequences of CWE-422?

Is CWE-422 actively exploited?

References

Stay ahead of CWE-422