Status: Draft
Weakness ID: 622 (Weakness Variant)

Description Summary
A product adds hooks to user-accessible API functions, but does not properly validate the arguments. This could lead to resultant vulnerabilities.

Extended Description
Such hooks can be used in defensive software that runs with privileges, such as anti-virus or firewall, which hooks kernel calls. When the arguments are not validated, they could be used to bypass the protection scheme or attack the product itself.

Potential Mitigations
Ensure that all arguments are verified, as defined by the API you are protecting.
Drop privileges before invoking such functions, if possible.

Observed Examples

Other Notes
This weakness is usually primary.

Relationships

Applicable Platforms
Languages: All

Time of Introduction
Implementation

Content History
Modifications
Eric Dalci. Cigital. 2008-07-01. (External) updated Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal) updated Description, Relationships, Observed_Example, Other_Notes
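The first potential mitigation (verify all arguments as defined by the API being protected), shown as an added example that is not part of the original CWE entry: a user-space model of a policy hook in its unvalidated and validated forms. The `name_arg` structure, the `/protected/` policy, and the argument contract (non-NULL pointer, length 1 to `MAX_NAME`, no embedded NUL) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical argument block for a hooked open-by-name call (constructed). */
#define MAX_NAME 64
struct name_arg { const char *buf; size_t len; };  /* counted, not NUL-terminated */

enum verdict { ALLOW = 0, DENY = 1, REJECT_BAD_ARG = 2 };

static const char PROTECTED_PREFIX[] = "/protected/";

/* Policy shared by both hooks: deny names under the protected prefix. */
static enum verdict policy(const char *name)
{
    return strncmp(name, PROTECTED_PREFIX, sizeof PROTECTED_PREFIX - 1) == 0
               ? DENY : ALLOW;
}

/* Weak hook: trusts the caller's pointer and length (CWE-622).
 * A NULL buf faults inside the privileged hook; len > MAX_NAME overruns name. */
enum verdict hook_unvalidated(const struct name_arg *arg)
{
    char name[MAX_NAME + 1];
    memcpy(name, arg->buf, arg->len);   /* no NULL check, no bound check */
    name[arg->len] = '\0';
    return policy(name);
}

/* Hardened hook: enforce the assumed argument contract before any use. */
enum verdict hook_validated(const struct name_arg *arg)
{
    char name[MAX_NAME + 1];

    if (arg == NULL || arg->buf == NULL)
        return REJECT_BAD_ARG;
    if (arg->len == 0 || arg->len > MAX_NAME)
        return REJECT_BAD_ARG;
    /* With an embedded NUL the hook's string compare would stop early while
     * the hooked call still receives the full counted name, so the two would
     * disagree on what was checked. */
    if (memchr(arg->buf, '\0', arg->len) != NULL)
        return REJECT_BAD_ARG;

    memcpy(name, arg->buf, arg->len);
    name[arg->len] = '\0';
    return policy(name);
}
```

The validated hook fails closed: any argument outside the contract is rejected before it is copied or compared, so the policy decision is always made on the same bytes the hooked function would receive.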