Detailedlikelihood: Lowseverity: HighDraft

CAPEC-132Symlink Attack

Abstraction
Detailed
Status
Draft
Likelihood
Low
Severity
High

Description

An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name. Metadata: detailed CAPEC pattern, status draft, likelihood low, severity high. Underlying weakness: CWE-59. Mapped ATT&CK technique: [object Object]. Related CAPEC pattern: [object Object].

Related weaknesses· 1

CWE-59

MITRE ATT&CK crosswalk· 1

T1547.009: Boot or Logon Autostart Execution:Shortcut Modification

Related attack patterns· 1

CAPEC-159 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessImproper Link Resolution Before File Access ('Link Following')cwe-59100%live

Related to1

TypeTargetConfidenceTier
SubTechniqueShortcut Modificationt1547.009100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Leveraging Race Conditions via Symbolic Links
CAPEC
Buffer Overflow via Symbolic Links
CAPEC
Path Traversal
CAPEC
Modify Shared File
CAPEC
Alternative Execution Due to Deceptive Filenames
CAPEC
Redirect Access to Libraries
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.