CWE-422
Unprotected Windows Messaging Channel ('Shatter')
Description
The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
Consequences
Access Control
—
Gain Privileges or Assume Identity, Bypass Protection Mechanism
Mitigations
Phase: Architecture and Design
Always verify and authenticate the source of the message.