CAPEC-263 Detail

Force Use of Corrupted Files

Detailed | Software | Typical Severity: Medium

Parents: 17

Threats: T72 T263 T280 T293 T307 T386 T399

Description

This describes an attack where an application is forced to use a file that an attacker has corrupted. The result is often a denial of service caused by the application being unable to process the corrupted file, but other results, including the disabling of filters or access controls (if the application fails in an unsafe way rather than failing by locking down) or buffer overflows are possible.

External ID Source Link Description
CAPEC-263 capec https://capec.mitre.org/data/definitions/263.html
CWE-829 cwe http://cwe.mitre.org/data/definitions/829.html

  1. The targeted application must utilize a configuration file that an attacker is able to corrupt. In some cases, the attacker must be able to force the (re-)reading of the corrupted file if the file is normally only consulted at startup.
  2. The severity of the attack hinges on how the application responds to the corrupted file. If the application detects the corruption and locks down, this may result in the denial of services provided by the application. If the application fails to detect the corruption, the result could be a more severe denial of service (crash or hang) or even an exploitable buffer overflow. If the application detects the corruption but fails in an unsafe way, this attack could result in the continuation of services but without certain security structures, such as filters or access controls. For example, if the corrupted file configures filters, an unsafe response from an application could result in simply disabling the filtering mechanisms due to the lack of usable configuration data.
  1. This varies depending on the resources necessary to corrupt the configuration file and the resources needed to force the application to re-read it (if any).
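The difference between failing unsafe and locking down, as an added example that is not part of the CAPEC entry: a loader for a filter configuration file that rejects a corrupted file and falls back to a deny-all policy (or the last good policy on re-read) instead of running with no filters. The JSON layout, the HMAC tag stored separately from the file, the key and all sample bytes are constructed assumptions.

```python
import hashlib, hmac, json

MAX_BYTES = 64 * 1024   # assumed upper bound for a sane config file
DENY_ALL = {"mode": "deny_all", "blocked_patterns": []}  # lock-down policy

# Constructed sample data: a good file, its tag, and a truncated copy.
KEY = b"constructed-demo-key"
GOOD = b'{"mode": "filter", "blocked_patterns": ["<script", "../"]}'
GOOD_TAG = hmac.new(KEY, GOOD, hashlib.sha256).hexdigest()
CORRUPT = GOOD[:20] + b"\x00\xff"

def load_unsafe(raw: bytes) -> dict:
    """Fail-open: an unreadable file silently becomes 'no filters'."""
    try:
        return json.loads(raw)
    except ValueError:
        return {"mode": "filter", "blocked_patterns": []}

def validate(cfg) -> dict:
    """Strict schema check; anything unexpected counts as corruption."""
    if not isinstance(cfg, dict) or set(cfg) != {"mode", "blocked_patterns"}:
        raise ValueError("unexpected structure")
    if cfg["mode"] != "filter":
        raise ValueError("unexpected mode")
    pats = cfg["blocked_patterns"]
    if not isinstance(pats, list) or not pats:
        raise ValueError("filter list missing or empty")
    if not all(isinstance(p, str) and 0 < len(p) <= 256 for p in pats):
        raise ValueError("bad pattern entry")
    return cfg

def load_fail_closed(raw: bytes, tag_hex: str, key: bytes, last_good=None):
    """Return (policy, status); never a policy weaker than last_good."""
    try:
        if len(raw) > MAX_BYTES:
            raise ValueError("oversized file")
        expected = hmac.new(key, raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag_hex):
            raise ValueError("integrity tag mismatch")
        return validate(json.loads(raw.decode("utf-8"))), "loaded"
    except (ValueError, TypeError) as exc:
        # On a forced re-read keep the previous good policy; at startup
        # there is none, so lock down rather than run unfiltered.
        return (last_good or DENY_ALL), f"rejected: {exc}"
```

Locking down trades the filter bypass for the denial of service the entry describes, so the rejection status should be logged and alerted on.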