CAPEC-562: Modify Shared File
An adversary manipulates the files in a shared location by adding malicious programs, scripts, or exploit code to valid content. Once a user opens the shared content, the tainted content is executed.
Last updated
Overview
CAPEC-562 (Modify Shared File) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
How to mitigate it
Defenses that reduce the risk of CAPEC-562.
- Disallow shared content. Protect shared folders by minimizing users that have write access. Use utilities that mitigate exploitation like the Microsoft Enhanced Mitigation Experience Toolkit (EMET) to prevent exploits from being run.
Terminology & mappings
Mapped taxonomies
- ATTACK: Taint shared content (1080)
Frequently asked questions
Common questions about CAPEC-562.
- What is CAPEC-562?
- An adversary manipulates the files in a shared location by adding malicious programs, scripts, or exploit code to valid content. Once a user opens the shared content, the tainted content is executed.
- How do you prevent CAPEC-562?
- Disallow shared content. Protect shared folders by minimizing users that have write access. Use utilities that mitigate exploitation like the Microsoft Enhanced Mitigation Experience Toolkit (EMET) to prevent exploits from being run.
- What weaknesses does CAPEC-562 target?
- CAPEC-562 exploits 1 CWE weakness, including CWE-284 (Improper Access Control).
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-562
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.