The product does not properly verify that the source of data or communication is valid.
An attacker can access any functionality that is inadvertently accessible to the source.
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
CVE-2000-1218DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
CVE-2018-6074Browser does not set Mark-of-the-Web (MotW) for a downloaded .EXE file if the name is close to the maximum path length, preventing recording of a zone identifier in the filename
CVE-2025-0411Zip file extraction program does not propagate Mark-of-the-Web (MotW) metadata to files that are extracted from an Internet-downloaded Zip file
CVE-2025-46652Zip file extraction program does not propagate Mark-of-the-Web (MotW) metadata to files that are extracted from an Internet-downloaded Zip file
CVE-2005-0877DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning