Tag Archives: CVE-2002-0265

CWE-279 – Incorrect Execution-Assigned Permissions

Read Time:31 Second

Description

While it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-732

 

Consequences

Confidentiality, Integrity: Read Application Data, Modify Application Data

 

Potential Mitigations

Phase: Architecture and Design, Operation

Description: 

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Phase: Architecture and Design

Description: 

CVE References