Improper Handling of Windows ::DATA Alternate Data Stream
The product does not properly prevent access to, or detect usage of, alternate data streams (ADS).
An attacker can use an ADS to hide information about a file (e.g. size, the name of the process) from a system or file browser tools such as Windows Explorer and 'dir' at the command line utility. Alternately, the attacker might be able to bypass intended access restrictions for the associated data fork.
Alternate data streams (ADS) were first implemented in the Windows NT operating system to provide compatibility between NTFS and the Macintosh Hierarchical File System (HFS). In HFS, data and resource forks are used to store information about a file. The data fork provides information about the contents of the file while the resource fork stores metadata such as file type.
Weaknesses in this category are related to file handling.
This category identifies Software Fault Patterns (SFPs) within the Malware cluster.
This view (slice) covers all the elements in CWE.
This view (slice) lists weaknesses that can be introduced during implementation.