VariantIncomplete

CWE-69Improper Handling of Windows ::DATA Alternate Data Stream

Category: other

Description

The product does not properly prevent access to, or detect usage of, alternate data streams (ADS). An attacker can use an ADS to hide information about a file (e.g. size, the name of the process) from a system or file browser tools such as Windows Explorer and 'dir' at the command line utility. Alternately, the attacker might be able to bypass intended access restrictions for the associated data fork.

Common consequences· 1

  • Access Control / Non-Repudiation / Other — Bypass Protection Mechanism, Hide Activities, Other

Potential mitigations· 1

  • [Implementation]Ensure that the source code correctly parses the filename to read or write to the correct stream.

Related CAPEC attack patterns· 1

CAPEC-168

References

  1. https://cwe.mitre.org/data/definitions/69.html

Exploits (incoming)1

TypeTargetConfidenceTier
AttackPatternWindows ::DATA Alternate Data Streamcapec-168100%live

(incoming)1

TypeTargetConfidenceTier
VulnerabilityCVE-2025-3941cve-2025-39410%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Windows ::DATA Alternate Data Stream
CWE
Improper Handling of Apple HFS+ Alternate Data Stream Path
CWE
Windows Hard Link
CWE
Insecure Operation on Windows Junction / Mount Point
CWE
Files or Directories Accessible to External Parties
CWE
Path Equivalence: 'fakedir/../realdir/filename'
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.