CWE-506Embedded Malicious Code

PUBLISHEDweakness record
released 2006-07-19 · last modified 2026-04-30

Metadata

CWE ID:
CWE-506
摘要:
Class
结构:
Simple
状态:
Incomplete
发布日期:
2006-07-19
更新日期:
2026-04-30

名称

Embedded Malicious Code

描述

The product contains code that appears to be malicious in nature.

Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of a product or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.

常见后果

范围:
Confidentiality, Integrity, Availability
影响:
Execute Unauthorized Code or Commands

相关 CWE