logo

Trust of System Event Data

Incomplete Base
Structure: Simple
Description

This vulnerability occurs when software blindly trusts system event data without verifying its source, allowing attackers to spoof events and manipulate application behavior.

Extended Description

System events, like Windows messages or application-level notifications, function as an internal broadcast system without built-in authentication. Any program running in the same context (like a Windows desktop session) can send these events to any listening window or process. Since there's no default mechanism to verify where an event originated, malicious applications can easily forge them. To prevent exploitation, developers must implement explicit validation for all incoming event data. This includes verifying the sender's identity or permissions, sanitizing the event content, and implementing allow-lists for expected commands. Never assume an event is safe simply because it arrived through a system messaging channel.
Common Consequences 1
Scope: IntegrityConfidentialityAvailabilityAccess Control

Impact: Gain Privileges or Assume IdentityExecute Unauthorized Code or Commands

If one trusts the system-event information and executes commands based on it, one could potentially take actions based on a spoofed identity.
Potential Mitigations 1
Phase: Architecture and Design
Never trust or rely any of the information in an Event for security.
Demonstrative Examples 1
This example code prints out secret information when an authorized user activates a button:

Code Example:

Bad
Java
java
This code does not attempt to prevent unauthorized users from activating the button. Even if the button is rendered non-functional to unauthorized users in the application UI, an attacker can easily send a false button press event to the application window and expose the secret information.
Observed Examples 1
CVE-2004-0213Attacker uses Shatter attack to bypass GUI-enforced protection for CVE-2003-0908.
References 1
The CLASP Application Security Process
Secure Software, Inc.
2005
https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf(2024-11-17)
ID: REF-18
Likelihood of Exploit

High

Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Implementation
Related Weaknesses
ChildOf: Insufficient Verification of Data Authenticity (CWE-345)
Taxonomy Mapping
  • CLASP
  • Software Fault Patterns