CAPEC-556: Replace File Extension Handlers
When a file is opened, its file handler is checked to determine which program opens the file. File handlers are configuration properties of many operating systems. Applications can modify the file handler for a given file extension to call an arbitrary program when a file with the given extension is opened.
Overview
CAPEC-556 (Replace File Extension Handlers) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
How to mitigate it
Defenses that reduce the risk of CAPEC-556.
- Inspect registry for changes. Limit privileges of user accounts so changes to default file handlers can only be performed by authorized administrators.
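One way to carry out the registry inspection above, as an added example that is not part of the CAPEC entry: compare a baseline export of file handler keys against a current one and report handlers that were added or changed. It assumes Windows `.reg` exports of a `Software\Classes` hive already decoded to text, and looks only at string-valued `shell\open\command` defaults; the sample exports and program paths are constructed.

```python
import re

# Constructed sample exports (real .reg files are UTF-16; decode them first).
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\txtfile\shell\open\command]
@="C:\\Windows\\System32\\notepad.exe \"%1\""
'''
CURRENT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\txtfile\shell\open\command]
@="C:\\Users\\Public\\viewer.exe \"%1\""

[HKEY_CURRENT_USER\Software\Classes\logfile\shell\open\command]
@="C:\\Windows\\System32\\notepad.exe \"%1\""
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")      # [HKEY_...\command]
DEFAULT_RE = re.compile(r'^@="(?P<val>.*)"\s*$')      # default value, REG_SZ only

def parse_handlers(reg_text):
    """Return {lowercased key path: open command} from .reg export text."""
    handlers, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = DEFAULT_RE.match(line)
        if m and key and key.endswith(r"\shell\open\command"):
            # .reg files escape backslashes and double quotes with a backslash
            handlers[key] = re.sub(r"\\(.)", r"\1", m.group("val"))
    return handlers

def diff_handlers(baseline, current):
    """List (status, key, old, new) for handlers added or changed since baseline."""
    findings = []
    for key, cmd in sorted(current.items()):
        old = baseline.get(key)
        if old is None:
            findings.append(("added", key, None, cmd))
        elif old.lower() != cmd.lower():
            findings.append(("changed", key, old, cmd))
    return findings

if __name__ == "__main__":
    for finding in diff_handlers(parse_handlers(BASELINE), parse_handlers(CURRENT)):
        print(finding)
```

Handlers stored as expandable strings appear in exports as `hex(2):` data and are skipped by this parser, so a complete check would decode those as well.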
Terminology & mappings
Mapped taxonomies
- ATTACK: Event Triggered Execution:Change Default File Association (1546.001)