CAPEC-636

Hiding Malicious Data or Code within Files
Haute
Draft
2018-05-31
00h00 +00:00
2023-01-24
00h00 +00:00
CAPEC Mitre.org
Alerte pour un CAPEC
Restez informé de toutes modifications pour un CAPEC spécifique.
Gestion des notifications

Descriptions du CAPEC

Files on various operating systems can have a complex format which allows for the storage of other data, in addition to its contents. Often this is metadata about the file, such as a cached thumbnail for an image file. Unless utilities are invoked in a particular way, this data is not visible during the normal use of the file. It is possible for an attacker to store malicious data or code using these facilities, which would be difficult to discover.

Informations du CAPEC

Conditions préalables

The operating system must support a file system that allows for alternate data storage for a file.

Atténuations

Many tools are available to search for the hidden data. Scan regularly for such data using one of these tools.

Faiblesses connexes

CWE-ID Nom de la faiblesse

CWE-506

 Embedded Malicious Code
The product contains code that appears to be malicious in nature.

Références

REF-493

Alternate Data Streams: Out of the Shadows and into the Light
Means, Ryan L..
https://www.giac.org/paper/gcwn/230/alternate-data-streams-shadows-light/104234

Soumission

Nom Organisation Date Date de publication
CAPEC Content Team The MITRE Corporation 2018-05-31 +00:00

Modifications

Nom Organisation Date Commentaire
CAPEC Content Team The MITRE Corporation 2019-04-04 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2021-06-24 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Taxonomy_Mappings
CAPEC Content Team The MITRE Corporation 2023-01-24 +00:00 Updated Related_Weaknesses