CAPEC-35: Leverage Executable Code in Non-Executable Files
Abstraction: Detailed
Status: Draft
Likelihood: High
Severity: Very High
Description
An attack of this type exploits a system's trust in configuration and resource files. The attacker modifies a resource (such as an image file or configuration file) so that, when the executable loads it, the file either executes malicious code directly or manipulates the target process (e.g. an application server) into executing based on the malicious configuration parameters. Because systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high.
Exploits (8)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Control of Generation of Code ('Code Injection') (CWE-94) | 100% | live |
| Weakness | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') (CWE-95) | 100% | live |
| Weakness | Improper Link Resolution Before File Access ('Link Following') (CWE-59) | 100% | live |
| Weakness | Least Privilege Violation (CWE-272) | 100% | live |
| Weakness | Improper Ownership Management (CWE-282) | 100% | live |
| Weakness | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') (CWE-96) | 100% | live |
| Weakness | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page (CWE-97) | 100% | live |
| Weakness | Privilege Context Switching Error (CWE-270) | 100% | live |
Related to (3)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | HTML Smuggling (T1027.006) | 100% | live |
| SubTechnique | Embedded Payloads (T1027.009) | 100% | live |
| SubTechnique | Resource Forking (T1564.009) | 100% | live |