CAPEC-635: Alternative Execution Due to Deceptive Filenames
The extension of a file name is often used in various contexts to determine the application that is used to open and use it. If an attacker can cause an alternative application to be used, it may be able to execute malicious code, cause a denial of service or expose sensitive information.
Last updated
Overview
CAPEC-635 (Alternative Execution Due to Deceptive Filenames) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The use of the file must be controlled by the file extension.
How to mitigate it
Defenses that reduce the risk of CAPEC-635.
- Applications should insure that the content of the file is consistent with format it is expecting, and not depend solely on the file extension.
Terminology & mappings
Mapped taxonomies
- ATTACK: Masquerading: Double File Extension (1036.007)
Frequently asked questions
Common questions about CAPEC-635.
- What is CAPEC-635?
- The extension of a file name is often used in various contexts to determine the application that is used to open and use it. If an attacker can cause an alternative application to be used, it may be able to execute malicious code, cause a denial of service or expose sensitive information.
- How do you prevent CAPEC-635?
- Applications should insure that the content of the file is consistent with format it is expecting, and not depend solely on the file extension.
- What weaknesses does CAPEC-635 target?
- CAPEC-635 exploits 1 CWE weakness, including CWE-162 (Improper Neutralization of Trailing Special Elements).
- How severe is CAPEC-635?
- MITRE rates CAPEC-635 as High severity.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-635
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.