CWE-360: Trust of System Event Data

BaseIncompleteExploit Likelihood: High

Security based on event locations are insecure and can be spoofed.

View on MITRE
Back to CWE Lookup

Extended Description

Events are a messaging system which may provide control data to programs listening for events. Events often do not have any type of authentication framework to allow them to be verified from a trusted source. Any application, in Windows, on a given desktop can send a message to any window on the same desktop. There is no authentication framework for these messages. Therefore, any message can be used to manipulate any process on the desktop if the process does not check the validity and safeness of those messages.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-360

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references