CAPEC-23: File Content Injection

An adversary poisons files with a malicious payload (targeting the file systems accessible by the target software), which may be passed through by standard channels such as via email, and standard web content like PDF and multimedia files. The adversary exploits known vulnerabilities or handling routines in the target processes, in order to exploit the host's trust in executing remote content, including binary files.

Very High

Typical severity

Per MITRE

High

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Standard

Abstraction

MITRE classification

Overview

Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the adversary knows the standard handling routines and can identify vulnerabilities and entry points, they can be exploited by otherwise seemingly normal content. Once the attack is executed, the adversary's program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.

CAPEC-23: File Content Injection

Overview

What the attacker needs

Prerequisites

Skills required

Consequences

How to mitigate it

Examples

Frequently asked questions

What is CAPEC-23?

How do you prevent CAPEC-23?

What weaknesses does CAPEC-23 target?

How severe is CAPEC-23?

References

Defend against CAPEC-23

Overview

What the attacker needs

Prerequisites

Skills required

Consequences

How to mitigate it

Examples

Related weaknesses

Related attack patterns

Parent

Child

Peer

Can also be

Frequently asked questions

What is CAPEC-23?

How do you prevent CAPEC-23?

What weaknesses does CAPEC-23 target?

How severe is CAPEC-23?

References

Defend against CAPEC-23