Description

The software does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-420
CWE-360

Consequences

Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism

Potential Mitigations

Phase: Architecture and Design

Description: Always verify and authenticate the source of the message.

CVE References

  • CVE-2003-0350
    • A control allows a change to a pointer for a callback function using a Windows message.
  • CVE-2003-0908
    • Product launches Help functionality while running with raised privileges, allowing command execution using a Windows message to access the “open file” dialog.
  • CVE-2004-0213
    • Attacker uses a Shatter attack to bypass GUI-enforced protection for CVE-2003-0908.
  • CVE-2004-0207
    • User can call certain API functions to modify certain properties of privileged programs.