CWE-422: Unprotected Windows Messaging Channel ('Shatter')
Weakness ID: 422
The software does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
Time of Introduction
Architecture and Design
Technical Impact: Gain privileges / assume
identity; Bypass protection
Possibly under-reported, probably under-studied. It is suspected that a
number of publicized vulnerabilities that involve local privilege escalation
on Windows systems may be related to Shatter attacks, but they are not
labeled as such.
Alternate channel attacks likely exist in other operating systems and
messaging models, e.g. in privileged X Windows applications, but examples
are not readily available.