Variant · Low-Medium

CWE-422: Unprotected Windows Messaging Channel ('Shatter')

CWE-422 · Variant Level · 6 CVEs · 1 Mitigation

Description

The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.

Potential Impact

Access Control

Gain Privileges or Assume Identity, Bypass Protection Mechanism

Mitigations & Prevention

Architecture and Design

Always verify and authenticate the source of the message.
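Because window messages carry no trustworthy sender identity, the practical form of "verify the source" inside a handler is to treat every message as untrusted input: use its parameters only as lookup keys into state the process created itself, never as code or data pointers, and drop anything unexpected. The C below is an added example written for this page, not CWE or Microsoft code. It builds without `<windows.h>` by using constructed stand-in types (`wparam_t`, `lparam_t`, `MSG_TIMER`, the `g_timers` table, `count_tick`) that are assumptions for the example; it contrasts the callback-pointer-from-message pattern behind the CVE-2003-0350 entry above with a handler that only invokes callbacks the process registered.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the Win32 message types so this builds without <windows.h>.
 * These names and the table layout are constructed for the example; they
 * are not the real Windows API. */
typedef uintptr_t wparam_t;
typedef intptr_t  lparam_t;
typedef void (*timer_cb)(unsigned id);

#define MSG_TIMER  0x0113u   /* numerically the same as WM_TIMER */
#define MAX_TIMERS 8

/* Callbacks this process registered itself. Only entries in this table may
 * ever be invoked; nothing arriving inside a message is trusted as code. */
static struct { unsigned id; timer_cb cb; int used; } g_timers[MAX_TIMERS];

int register_timer(unsigned id, timer_cb cb) {
    for (int i = 0; i < MAX_TIMERS; i++) {
        if (!g_timers[i].used) {
            g_timers[i].id = id;
            g_timers[i].cb = cb;
            g_timers[i].used = 1;
            return 1;
        }
    }
    return 0;  /* table full */
}

int clear_timers(void) {
    for (int i = 0; i < MAX_TIMERS; i++) g_timers[i].used = 0;
    return 1;
}

/* Weak pattern (the class of defect behind the CVE-2003-0350 entry): the
 * handler takes lParam as a callback address. Any process on the same
 * desktop can post a message, so a privileged process ends up calling an
 * address chosen by whoever sent it. Shown only for contrast. */
int handle_timer_unsafe(wparam_t wparam, lparam_t lparam) {
    if (lparam == 0) return 0;
    ((timer_cb)lparam)((unsigned)wparam);
    return 1;
}

/* Hardened handler: the message is untrusted input. Use wParam only as a
 * lookup key into the timers this process registered, never treat lParam
 * as a pointer, and drop anything that does not match. */
int handle_timer_safe(wparam_t wparam, lparam_t lparam) {
    (void)lparam;
    unsigned id = (unsigned)wparam;
    for (int i = 0; i < MAX_TIMERS; i++) {
        if (g_timers[i].used && g_timers[i].id == id) {
            g_timers[i].cb(id);
            return 1;
        }
    }
    return 0;  /* unknown timer id: rejected, nothing is called */
}

/* Window-procedure style dispatcher: route known messages to validating
 * handlers; everything else is ignored rather than interpreted. */
int dispatch_message(unsigned msg, wparam_t wparam, lparam_t lparam) {
    switch (msg) {
    case MSG_TIMER:
        return handle_timer_safe(wparam, lparam);
    default:
        return 0;
    }
}

/* Counter callback used by the demo so the effect of dispatch is observable. */
static int g_ticks;
static void count_tick(unsigned id) { (void)id; g_ticks++; }
int ticks_seen(void) { return g_ticks; }

/* Demo scenario: one legitimate timer, then three messages with constructed
 * values that a handler must not act on blindly. Returns 1 if every message
 * was handled as intended. */
int run_demo(void) {
    clear_timers();
    g_ticks = 0;
    if (!register_timer(7, count_tick)) return 0;

    /* legitimate id 7, but lParam carries a bogus address that must be ignored */
    if (dispatch_message(MSG_TIMER, 7, (lparam_t)0x41414141) != 1) return 0;
    /* unknown timer id: dropped */
    if (dispatch_message(MSG_TIMER, 99, 0) != 0) return 0;
    /* unexpected message number: dropped */
    if (dispatch_message(0x0010u, 7, 0) != 0) return 0;

    return g_ticks == 1;
}

int main(void) {
    printf("safe dispatch behaved as intended: %s\n", run_demo() ? "yes" : "no");
    return 0;
}
```

The lookup-table approach is the handler-level complement to the architectural mitigation: it removes the "alternate channel" by making message content incapable of selecting code to run. On a real Windows build the same rule applies to any message whose parameters name pointers, handles, or buffer lengths, and the privileged component should additionally avoid owning windows on the interactive desktop at all.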

Real-World CVE Examples

CVE ID          Description
CVE-2002-0971   Bypass GUI and access restricted dialog box.
CVE-2002-1230   Gain privileges via Windows message.
CVE-2003-0350   A control allows a change to a pointer for a callback function using Windows message.
CVE-2003-0908   Product launches Help functionality while running with raised privileges, allowing command execution using Windows message to access "open file" dialog.
CVE-2004-0213   Attacker uses Shatter attack to bypass GUI-enforced protection for CVE-2003-0908.
CVE-2004-0207   User can call certain API functions to modify certain properties of privileged programs.

Taxonomy Mappings

  • PLOVER: Unprotected Windows Messaging Channel ('Shatter')
  • Software Fault Patterns: SFP30 — Missing endpoint authentication

Frequently Asked Questions

What is CWE-422?

CWE-422 (Unprotected Windows Messaging Channel ('Shatter')) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.

How can CWE-422 be exploited?

Attackers can exploit CWE-422 (Unprotected Windows Messaging Channel ('Shatter')) to gain privileges or assume an identity, or to bypass a protection mechanism. This weakness is typically introduced during the Architecture and Design phase of software development.

How do I prevent CWE-422?

Key mitigations include: Always verify and authenticate the source of the message.

What is the severity of CWE-422?

CWE-422 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 6 real-world CVEs.