CAPEC-23: File Content Injection

Description
An adversary poisons files with a malicious payload (targeting the file systems accessible by the target software), which may be passed through by standard channels such as via email, and standard web content like PDF and multimedia files. The adversary exploits known vulnerabilities or handling routines in the target processes, in order to exploit the host's trust in executing remote content, including binary files.
Extended Description

Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the adversary knows the standard handling routines and can identify vulnerabilities and entry points, they can be exploited by otherwise seemingly normal content. Once the attack is executed, the adversary's program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.

Severity :

Very High

Possibility :

High

Type :

Standard
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-35: Leverage Executable Code in Non-Executable Files Leverage Executable Code in Non-Executable Files CAPEC-44: Overflow Binary Resource File Overflow Binary Resource File CAPEC-165: File Manipulation File Manipulation CAPEC-242: Code Injection Code Injection
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • The target software must consume files.
  • The adversary must have access to modify files that the target software will consume.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Medium How to poison a file with malicious payload that will exploit a vulnerability when the file is opened. The adversary must also know how to place the file onto a system where it will be opened by an unsuspecting party, or force the file to be opened.
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-20: Improper Input Validation

Visit http://capec.mitre.org/ for more details.