CVEbaza.plCWE DictionaryCWE-422
Common Weakness Enumeration

CWE-422

Unprotected Windows Messaging Channel ('Shatter')

Category: VariantCVE: 2
Description

The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.

CVE vulnerabilities with CWE-422 (2)
8.8
CVSS
HIGH
CVE-2025-20094

Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary code may be executed with SYSTEM privilege.

pub. 2025-02-06
8.8
CVSS
HIGH
CVE-2025-22894

Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of the Windows system where the product is running, arbitrary files in the system may be altered. As a result, an arbitrary DLL may be executed with SYSTEM privilege.

pub. 2025-02-06
Information
ID: CWE-422
Type: Variant
Vulnerabilities: 2
MITRE CWE ↗
← CWE Dictionary