Dark Mode

Settings

Capec-635 Detail

Alternative Execution Due to Deceptive Filenames

Standard Software Typical Severity: High

Parents: 165

Children: 11 649

Threats: T68 T274 T393

Description

The extension of a file name is often used in various contexts to determine the application that is used to open and use it. If an attacker can cause an alternative application to be used, it may be able to execute malicious code, cause a denial of service or expose sensitive information.

Not present

External ID Source Link Description
CAPEC-635 capec https://capec.mitre.org/data/definitions/635.html
CWE-162 cwe http://cwe.mitre.org/data/definitions/162.html
T1036.007 ATTACK https://attack.mitre.org/wiki/Technique/T1036/007 Masquerading: Double File Extension

Not present

  1. The use of the file must be controlled by the file extension.

Not present

Not present

Not present

Not present

We use cookies to ensure you get the best experience on our website.