Skills Required
Manual or user-assisted attacks require deceptive mechanisms to trick the user into clicking a link or downloading and installing software. Automated update attacks require the attacker to host a payload and then trigger the installation of the payload code.
Resources Required
Software Integrity Attacks are usually a late stage focus of attack activity which depends upon the success of a chain of prior events. The resources required to perform the attack vary with respect to the overall attack strategy, existing countermeasures which must be bypassed, and the success of early phase attack vectors.
Related Weaknesses
CWE-ID |
Weakness Name |
CWE-494 |
Download of Code Without Integrity Check The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. |
Submission
Name |
Organization |
Date |
Date Release |
CAPEC Content Team |
The MITRE Corporation |
2014-06-23 +00:00 |
Modifications
Name |
Organization |
Date |
Comment |
CAPEC Content Team |
The MITRE Corporation |
2015-11-09 +00:00 |
Updated Activation_Zone, Injection_Vector, Payload, Payload_Activation_Impact, Related_Attack_Patterns |
CAPEC Content Team |
The MITRE Corporation |
2018-07-31 +00:00 |
Updated Attacker_Skills_or_Knowledge_Required |