The product appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended security policy of the user or the system administrator.

What CVEs are caused by CWE-507?

1 recorded CVEs are attributed to CWE-507, including CVE-2020-26292.

What are the consequences of CWE-507?

Exploiting CWE-507 can lead to: Execute Unauthorized Code or Commands.

Is CWE-507 actively exploited?

1 recorded CVEs are caused by CWE-507; none are currently in CISA's KEV catalog of actively exploited flaws.

CWE-507: Trojan Horse

How to prevent it

Practical mitigations for CWE-507, grouped by where in the lifecycle they apply.

Operation

Most antivirus software scans for Trojan Horses.

Installation

Verify the integrity of the product that is being installed.

CWE-507: Trojan Horse

How to prevent it

CWE-507: Trojan Horse

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-507?

What CVEs are caused by CWE-507?

How do you prevent CWE-507?

What are the consequences of CWE-507?

Is CWE-507 actively exploited?

References

Stay ahead of CWE-507

How to prevent it

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

Related weaknesses

Parent

Child

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-507?

What CVEs are caused by CWE-507?

How do you prevent CWE-507?

What are the consequences of CWE-507?

Is CWE-507 actively exploited?

References

Stay ahead of CWE-507