CWE-506 - Embedded Malicious Code
- Abstraction:Class
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2024-07-16
Weakness Name
Embedded Malicious Code
Description
The product contains code that appears to be malicious in nature.
Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of a product or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.
Common Consequences
Scope: Confidentiality, Integrity, Availability
Impact: Execute Unauthorized Code or Commands