CWE-422
Unprotected Windows Messaging Channel ('Shatter')
Draft
2006-07-19
00h00 +00:00
00h00 +00:00
2023-06-29
00h00 +00:00
00h00 +00:00
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Name: Unprotected Windows Messaging Channel ('Shatter')
The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
General Informations
Modes Of Introduction
Architecture and DesignApplicable Platforms
Language
Class: Not Language-Specific (Undetermined)Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Access Control | Gain Privileges or Assume Identity, Bypass Protection Mechanism |
Observed Examples
| References | Description |
|---|---|
CVE-2002-0971 | Bypass GUI and access restricted dialog box. |
CVE-2002-1230 | Gain privileges via Windows message. |
CVE-2003-0350 | A control allows a change to a pointer for a callback function using Windows message. |
CVE-2003-0908 | Product launches Help functionality while running with raised privileges, allowing command execution using Windows message to access "open file" dialog. |
CVE-2004-0213 | Attacker uses Shatter attack to bypass GUI-enforced protection for CVE-2003-0908. |
CVE-2004-0207 | User can call certain API functions to modify certain properties of privileged programs. |
Potential Mitigations
Phases : Architecture and DesignAlways verify and authenticate the source of the message.
Vulnerability Mapping Notes
Justification : This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
NotesNotes
Overlaps privilege errors and UI errors.Possibly under-reported, probably under-studied. It is suspected that a number of publicized vulnerabilities that involve local privilege escalation on Windows systems may be related to Shatter attacks, but they are not labeled as such.
Alternate channel attacks likely exist in other operating systems and messaging models, e.g. in privileged X Windows applications, but examples are not readily available.
References
REF-402
Exploiting design flaws in the Win32 API for privilege escalation. Or... Shatter Attacks - How to break WindowsPaget.
http://web.archive.org/web/20060115174629/http://security.tombom.co.uk/shatter.html
REF-62
The Art of Software Security AssessmentMark Dowd, John McDonald, Justin Schuh.
REF-62
The Art of Software Security AssessmentMark Dowd, John McDonald, Justin Schuh.
Submission
| Name | Organization | Date | Date release | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| Eric Dalci | Cigital | updated Potential_Mitigations, Time_of_Introduction | |
| CWE Content Team | MITRE | updated Relationships, Other_Notes, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Other_Notes, Relationship_Notes, Research_Gaps | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated References, Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes |
