CWE-422: Unprotected Windows Messaging Channel ('Shatter')
The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
View on MITRETechnical Details
- Structure
- Simple
Applicable To
Security Consequences
Scope
Impact
Mitigation Strategies
Phase
Description
Always verify and authenticate the source of the message.
Detection Methods
No detection method information available for this CWE.
Code Examples & CVEs
Observed CVE Examples (6)
A control allows a change to a pointer for a callback function using Windows message.
View DetailsProduct launches Help functionality while running with raised privileges, allowing command execution using Windows message to access "open file" dialog.
View DetailsAttacker uses Shatter attack to bypass GUI-enforced protection for CVE-2003-0908.
View DetailsUser can call certain API functions to modify certain properties of privileged programs.
View DetailsCWE Relationships
Frequently Asked Questions
What is CWE-422: Unprotected Windows Messaging Channel ('Shatter')?+
CWE-422: Unprotected Windows Messaging Channel ('Shatter') is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
What are the security consequences of Unprotected Windows Messaging Channel ('Shatter')?+
If exploited, CWE-422 (Unprotected Windows Messaging Channel ('Shatter')) it can compromise Access Control, leading to outcomes such as Gain Privileges or Assume Identity and Bypass Protection Mechanism.
How do you prevent or mitigate Unprotected Windows Messaging Channel ('Shatter')?+
Recommended mitigations for CWE-422 include: Always verify and authenticate the source of the message.
Which programming languages are affected by Unprotected Windows Messaging Channel ('Shatter')?+
CWE-422 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
What are real-world examples of Unprotected Windows Messaging Channel ('Shatter')?+
MITRE documents real CVEs mapped to CWE-422, including CVE-2002-0971, CVE-2002-1230, CVE-2003-0350, CVE-2003-0908 and CVE-2004-0213. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
What is the difference between a CWE and a CVE?+
A CWE (Common Weakness Enumeration) like CWE-422 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.