CAPEC-35: Leverage Executable Code in Non-Executable Files
ID
CAPEC-35
Typical Severity
Very High
Likelihood Of Attack
High
Status
Draft
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-59 | Improper Link Resolution Before File Access ('Link Following') | weakness |
| CWE-94 | Improper Control of Generation of Code ('Code Injection') | weakness |
| CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | weakness |
| CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | weakness |
| CWE-97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page | weakness |
| CWE-270 | Privilege Context Switching Error | weakness |
| CWE-272 | Least Privilege Violation | weakness |
| CWE-282 | Improper Ownership Management | weakness |
Taxonomiy Mapping
| Type | # ID | Name |
|---|---|---|
| ATTACK | 1027.006 | Obfuscated Files or Information: HTML Smuggling |
| ATTACK | 1027.009 | Obfuscated Files or Information: Embedded Payloads |
| ATTACK | 1564.009 | Hide Artifacts: Resource Forking |