An adversary manipulates the files in a shared location by adding malicious programs, scripts, or exploit code to valid content. Once a user opens the shared content, the tainted content is executed.

How do you prevent CAPEC-562?

Disallow shared content. Protect shared folders by minimizing users that have write access. Use utilities that mitigate exploitation like the Microsoft Enhanced Mitigation Experience Toolkit (EMET) to prevent exploits from being run.

What weaknesses does CAPEC-562 target?

CAPEC-562 exploits 1 CWE weakness, including CWE-284 (Improper Access Control).

CAPEC-562: Modify Shared File

Overview

CAPEC-562 (Modify Shared File) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

How to mitigate it

Defenses that reduce the risk of CAPEC-562.

Disallow shared content. Protect shared folders by minimizing users that have write access. Use utilities that mitigate exploitation like the Microsoft Enhanced Mitigation Experience Toolkit (EMET) to prevent exploits from being run.

The CWE weaknesses that CAPEC-562 exploits.

CWE-284: Improper Access Control

How this attack relates to others in the CAPEC hierarchy.

Parent

CAPEC-17: Using Malicious Files

Terminology & mappings

Mapped taxonomies

ATTACK: Taint shared content (1080)

CAPEC-562: Modify Shared File

Overview

How to mitigate it

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-562?

How do you prevent CAPEC-562?

What weaknesses does CAPEC-562 target?

References

Defend against CAPEC-562

Overview

How to mitigate it

Related weaknesses

Related attack patterns

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-562?

How do you prevent CAPEC-562?

What weaknesses does CAPEC-562 target?

References

Defend against CAPEC-562