Detailedlikelihood: Highseverity: HighDraft

CAPEC-42MIME Conversion

Abstraction
Detailed
Status
Draft
Likelihood
High
Severity
High

Description

An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Related weaknesses· 4

CWE-120CWE-119CWE-74CWE-20

Related attack patterns· 1

CAPEC-100 (ChildOf)

Exploits4

TypeTargetConfidenceTier
WeaknessImproper Input Validationcwe-20100%live
WeaknessImproper Restriction of Operations within the Bounds of a Memory Buffercwe-119100%live
WeaknessBuffer Copy without Checking Size of Input ('Classic Buffer Overflow')cwe-120100%live
WeaknessImproper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')cwe-74100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC
IMAP/SMTP Command Injection
CAPEC
XSS Using MIME Type Mismatch
CAPEC
File Content Injection
CAPEC
Email Injection
CAPEC
Overflow Variables and Tags
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.