The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
Product launches Help functionality while running with raised privileges, allowing command execution by using a Windows message to access the "open file" dialog.
User can call certain API functions to modify certain properties of privileged programs.
Related Attack Patterns (CAPEC)
N/A
Attack TTPs
N/A
Modes of Introduction
Phase: Architecture and Design; Note: N/A
Common Consequences
Impact: Gain Privileges or Assume Identity, Bypass Protection Mechanism
Potential Mitigations
Architecture and Design: Always verify and authenticate the source of the message.
Applicable Platforms
None (Not Language-Specific, Undetermined)
Demonstrative Examples
N/A
Notes
Relationship: Overlaps privilege errors and UI errors.
Research Gap: Possibly under-reported, probably under-studied. It is suspected that a number of publicized vulnerabilities that involve local privilege escalation on Windows systems may be related to Shatter attacks, but they are not labeled as such. Alternate channel attacks likely exist in other operating systems and messaging models, e.g. in privileged X Windows applications, but examples are not readily available.