Northeastern University researchers say GUIs are the primary conduit through which users interact with computer programs. The researchers claim that fairly unsophisticated attackers can use easily accessible programming utilities such as WinSpy++ or Spy++ to select, view, and modify any window in a system, including the hierarchy of the widgets within those windows. An attack is reduced to manipulating one or more user interface widgets, which is easier than reverse engineering an application's binary, database format, or network protocol.
Source: https://threatpost.com/gui-vulnerabilities-expose-information-disclosure-privilege-escalation/105039/

