CWE-422: Unprotected Windows Messaging Channel ('Shatter')
The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
Last updated
Overview
CWE-422 (Unprotected Windows Messaging Channel ('Shatter')) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
2 recorded CVEs are caused by CWE-422 (Unprotected Windows Messaging Channel ('Shatter')). The highest-severity and most recent are shown first. 0 new CWE-422 CVEs have been recorded so far in 2026 (2 in 2025).
Common consequences
What can happen when CWE-422 is exploited.
Gain Privileges or Assume Identity, Bypass Protection Mechanism
Affects: Access Control
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
How to prevent it
Practical mitigations for CWE-422, grouped by where in the lifecycle they apply.
Always verify and authenticate the source of the message.
Illustrative examples
Real CVEs that MITRE cites as examples of this weakness.
- CVE-2002-0971 — Bypass GUI and access restricted dialog box.
- CVE-2002-1230 — Gain privileges via Windows message.
- CVE-2003-0350 — A control allows a change to a pointer for a callback function using Windows message.
- CVE-2003-0908 — Product launches Help functionality while running with raised privileges, allowing command execution using Windows message to access "open file" dialog.
- CVE-2004-0213 — Attacker uses Shatter attack to bypass GUI-enforced protection for CVE-2003-0908.
- CVE-2004-0207 — User can call certain API functions to modify certain properties of privileged programs.
Terminology & mappings
Mapped taxonomies
- PLOVER: Unprotected Windows Messaging Channel ('Shatter')
- Software Fault Patterns: Missing endpoint authentication (SFP30)
Frequently asked questions
Common questions about CWE-422.
- What is CWE-422?
- The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
- What CVEs are caused by CWE-422?
- 2 recorded CVEs are attributed to CWE-422, including CVE-2025-20094, CVE-2025-22894.
- How do you prevent CWE-422?
- Always verify and authenticate the source of the message.
- What are the consequences of CWE-422?
- Exploiting CWE-422 can lead to: Gain Privileges or Assume Identity, Bypass Protection Mechanism.
- Is CWE-422 actively exploited?
- 2 recorded CVEs are caused by CWE-422; none are currently in CISA's KEV catalog of actively exploited flaws.
References
- MITRE CWE definition (CWE-422) (opens in a new tab)
- CWE-422 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-422
Get alerted the moment a new CWE-422 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.