
CAPEC-635: Alternative Execution Due to Deceptive Filenames

Abstraction: Standard
Status: Draft
Severity: High

Description

The extension of a file name is often used in various contexts to determine the application that is used to open and use it. If an attacker can cause an alternative application to be used, the attacker may be able to execute malicious code, cause a denial of service or expose sensitive information. Metadata: standard CAPEC pattern, status draft, severity high. Underlying weakness: CWE-162. Mapped ATT&CK technique: T1036.007. Related CAPEC pattern: CAPEC-165.

Related weaknesses (1)

CWE-162

MITRE ATT&CK crosswalk (1)

T1036.007: Masquerading: Double File Extension

Related attack patterns (1)

CAPEC-165 (ChildOf)

Exploits (1)

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Neutralization of Trailing Special Elements (cwe-162) | 100% | live |

Related to (1)

| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | Double File Extension (t1036.007) | 100% | live |

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Adding a Space to a File Extension
CAPEC: Replace File Extension Handlers
CAPEC: File Manipulation
CAPEC: Create files with the same name as files protected with a higher classification
CAPEC: Replace Trusted Executable
CAPEC: Cause Web Server Misclassification

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.