CWE-360

Base Abstraction Level
Pillar — Highest-level weakness category
Class — Abstract, language-independent
Base — Specific enough to detect
Variant — Tied to specific technology
Compound — Requires multiple weaknesses
Incomplete MITRE CWE Status
Stable — Fully reviewed and complete
Draft — Under development, may change
Incomplete — Partially defined by MITRE
Deprecated — No longer recommended
Obsolete — Replaced by another CWE
Exploit: High
Trust of System Event Data

Description

Security based on event locations are insecure and can be spoofed.

Events are a messaging system which may provide control data to programs listening for events. Events often do not have any type of authentication framework to allow them to be verified from a trusted source. Any application, in Windows, on a given desktop can send a message to any window on the same desktop. There is no authentication framework for these messages. Therefore, any message can be used to manipulate any process on the desktop if the process does not check the validity and safeness of those messages.

Consequences

Integrity, Confidentiality, Availability, Access Control — Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands

If one trusts the system-event information and executes commands based on it, one could potentially take actions based on a spoofed identity.

Mitigations

Phase: Architecture and Design

Never trust or rely any of the information in an Event for security.