CAPEC-642: Replace Binaries
ID
CAPEC-642
Typical Severity
High
Status
Draft
Adversaries know that certain binaries will be regularly executed as part of normal processing. If these binaries are not protected with the appropriate file system permissions, it could be possible to replace them with malware. This malware might be executed at higher system permission levels. A variation of this pattern is to discover self-extracting installation packages that unpack binaries to directories with weak file permissions which it does not clean up appropriately. These binaries can be replaced by malware, which can then be executed.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-732 | Incorrect Permission Assignment for Critical Resource | weakness |
Taxonomiy Mapping
| Type | # ID | Name |
|---|---|---|
| ATTACK | 1505.005 | Server Software Component: Terminal Services DLL |
| ATTACK | 1554 | Compromise Client Software Binary |
| ATTACK | 1574.005 | Hijack Execution Flow:Executable Installer File Permissions Weakness |
| OWASP Attacks | Binary planting |