Unprotected Windows Messaging Channel ('Shatter') |
Weakness ID: 422 (Weakness Variant) | Status: Draft |
Description Summary
The software does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
Reference | Description |
---|---|
CVE-2002-0971 | Bypass GUI and access restricted dialog box. |
CVE-2002-1230 | Gain privileges via Windows message. |
CVE-2003-0350 | A control allows a change to a pointer for a callback function using Windows message. |
CVE-2003-0908 | Product launches Help functionality while running with raised privileges, allowing command execution using Windows message to access "open file" dialog. |
CVE-2004-0213 | Attacker uses Shatter attack to bypass GUI-enforced protection for CVE-2003-0908. |
CVE-2004-0207 | User can call certain API functions to modify certain properties of privileged programs. |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Base | 360 | Trust of System Event Data | Research Concepts1000 |
ChildOf | Weakness Base | 420 | Unprotected Alternate Channel | Development Concepts (primary)699 Research Concepts (primary)1000 |
ChildOf | Category | 634 | Weaknesses that Affect System Processes | Resource-specific Weaknesses (primary)631 |
Possibly under-reported, probably under-studied. It is suspected that a number of publicized vulnerabilities that involve local privilege escalation on Windows systems may be related to Shatter attacks, but they are not labeled as such. Alternate channel attacks likely exist in other operating systems and messaging models, e.g. in privileged X Windows applications, but examples are not readily available. |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | Unprotected Windows Messaging Channel ('Shatter') |
Paget. "Exploiting design flaws in the Win32 API for privilege escalation. Or... Shatter Attacks - How to break Windows". August, 2002. <http://web.archive.org/web/20060115174629/http://security.tombom.co.uk/shatter.html>. |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
PLOVER | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Potential Mitigations, Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Relationships, Other Notes, Taxonomy Mappings | ||||
2008-10-14 | CWE Content Team | MITRE | Internal | |
updated Other Notes, Relationship Notes, Research Gaps |