Description
The product appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended security policy of the user or the system administrator.
Potential Impact
Confidentiality, Integrity, Availability
Execute Unauthorized Code or Commands
Mitigations & Prevention
Most antivirus software scans for Trojan Horses.
Verify the integrity of the product that is being installed.
Related Weaknesses
Taxonomy Mappings
- Landwehr: — Trojan Horse
Frequently Asked Questions
What is CWE-507?
CWE-507 (Trojan Horse) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended security policy of the user or the system admin...
How can CWE-507 be exploited?
Attackers can exploit CWE-507 (Trojan Horse) to execute unauthorized code or commands. This weakness is typically introduced during the Distribution, Implementation, Operation phase of software development.
How do I prevent CWE-507?
Key mitigations include: Most antivirus software scans for Trojan Horses.
What is the severity of CWE-507?
CWE-507 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.