CAPEC-635

Alternative Execution Due to Deceptive Filenames
High
Draft
2018-05-31
00h00 +00:00
2022-09-29
00h00 +00:00

CAPEC Descriptions

The extension of a file name is often used in various contexts to determine the application that is used to open and use it. If an attacker can cause an alternative application to be used, the attacker may be able to execute malicious code, cause a denial of service, or expose sensitive information.

CAPEC Information

Prerequisites

The use of the file must be controlled by the file extension.

Mitigations

Applications should ensure that the content of the file is consistent with the format they are expecting, and should not depend solely on the file extension.

Related Weaknesses

CWE-ID Weakness Name

CWE-162

Improper Neutralization of Trailing Special Elements
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes trailing special elements that could be interpreted in unexpected ways when they are sent to a downstream component.
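
The mitigation and the CWE-162 weakness above, combined in one check, as an added example that is not part of the CAPEC entry: the file name is rejected if it ends in trailing special elements, and the content's leading bytes must match the format its extension claims. The signature table, the allow-list, the set of trailing characters treated as special, and the function names are assumptions chosen for illustration.

```python
import os

# Well-known leading "magic" bytes; this allow-list is an assumption.
SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pdf": (b"%PDF-",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
}
# Trailing elements that a downstream handler may strip or truncate at
# (assumed set: space, dot, NUL).
TRAILING = " .\x00"

def effective_extension(filename):
    """Return (extension, had_trailing) for the name a handler would see."""
    base = os.path.basename(filename.replace("\\", "/"))
    cleaned = base.rstrip(TRAILING)
    ext = os.path.splitext(cleaned)[1].lower()
    return ext, cleaned != base

def check_file(filename, data):
    """Return (accepted, reason) for a file name and its content bytes."""
    ext, had_trailing = effective_extension(filename)
    if had_trailing:
        return False, "trailing special elements in file name"
    if ext not in SIGNATURES:
        return False, "extension not on allow-list"
    if not data.startswith(SIGNATURES[ext]):
        return False, "content does not match extension"
    return True, "ok"

# Constructed sample inputs (not taken from the CAPEC entry).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n"),
    ("invoice.pdf", b"#!/bin/sh\necho hi\n"),
    ("photo.png. ", b"\x89PNG\r\n\x1a\n"),
    ("setup.exe", b"%PDF-1.7\n"),
]

if __name__ == "__main__":
    for name, content in SAMPLES:
        print(repr(name), check_file(name, content))
```

A signature match only shows the file starts like the claimed format; a full parse by the consuming application is still the stronger consistency check.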

Submission

Name Organization Date Release Date
CAPEC Content Team The MITRE Corporation 2018-05-31 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Taxonomy_Mappings