CAPEC-35: Leverage Executable Code in Non-Executable Files
Attack Pattern ID: 35
Version: v3.9
Attack Pattern Name: Leverage Executable Code in Non-Executable Files
Abstraction: Detailed
Status: Draft
Likelihood of Attack: High
Typical Severity: Very High
8 Weaknesses found

CWE-270
Privilege Context Switching Error
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 20 CVEs

The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

Impacts: Gain Privileges or Assume Identity
Tags: Environment Hardening, Separation of Privilege, Gain Privileges or Assume Identity (impact)
As Seen In: CWE Cross-section
CWE-272
Least Privilege Violation
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 20 CVEs

The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.

Impacts: Read Files or Directories, Gain Privileges or Assume Identity, Read Application Data
Tags: Separation of Privilege, Read Files or Directories (impact), Read Application Data (impact), Gain Privileges or Assume Identity (impact)
As Seen In: Not Available
CWE-282
Improper Ownership Management
Likelihood of Exploit: Not Available
Mapping: Allowed-with-Review
Abstraction: Class
Found in 23 CVEs

The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource.

Impacts: Gain Privileges or Assume Identity
Tags: Gain Privileges or Assume Identity (impact)
As Seen In: Not Available
CWE-59
Improper Link Resolution Before File Access ('Link Following')
Likelihood of Exploit: Medium
Mapping: Allowed
Abstraction: Base
Found in 1317 CVEs

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Impacts: Modify Files or Directories, Bypass Protection Mechanism, Execute Unauthorized Code or Commands, Read Files or Directories
Tags: Medium exploit, Separation of Privilege, Windows (os class), Unix (os class), Execute Unauthorized Code or Commands (impact), Bypass Protection Mechanism (impact), Read Files or Directories (impact), Modify Files or Directories (impact)
As Seen In: Originally Used by NVD from 2008 to 2016, CWE Cross-section
CWE-94
Improper Control of Generation of Code ('Code Injection')
Likelihood of Exploit: Medium
Mapping: Allowed-with-Review
Abstraction: Base
Found in 5106 CVEs

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Impacts: Bypass Protection Mechanism, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Hide Activities
Tags: AI/ML, Medium exploit, Environment Hardening, Input Validation, Compilation or Build Hardening, Interpreted, Execute Unauthorized Code or Commands (impact), Bypass Protection Mechanism (impact), Hide Activities (impact), Gain Privileges or Assume Identity (impact)
As Seen In: 2019 CWE Top 25 Most Dangerous Software Errors, 2020 CWE Top 25 Most Dangerous Software, 2022 CWE Top 25 Most Dangerous Software, 2023 CWE Top 25 Most Dangerous Software, 2024 CWE Top 25 Most Dangerous Software, Originally Used by NVD from 2008 to 2016, CWE Cross-section
CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Likelihood of Exploit: Medium
Mapping: Allowed
Abstraction: Variant
Found in 82 CVEs

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

Impacts: Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Read Files or Directories, Hide Activities, Read Application Data
Tags: Python, JavaScript, Perl, Ruby, AI/ML, Medium exploit, Input Validation, Interpreted, Execute Unauthorized Code or Commands (impact), Bypass Protection Mechanism (impact), Read Files or Directories (impact), Hide Activities (impact), Read Application Data (impact), Gain Privileges or Assume Identity (impact)
As Seen In: CWE Cross-section
CWE-96
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 21 CVEs

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.

Impacts: Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Bypass Protection Mechanism, Read Files or Directories, Hide Activities, Read Application Data
Tags: Perl, Input Validation, Output Encoding, Interpreted, Execute Unauthorized Code or Commands (impact), Bypass Protection Mechanism (impact), Read Files or Directories (impact), Hide Activities (impact), Read Application Data (impact), Gain Privileges or Assume Identity (impact)
As Seen In: CWE Cross-section
CWE-97
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Variant
Found in 6 CVEs

The product generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.

Impacts: Execute Unauthorized Code or Commands
Tags: Execute Unauthorized Code or Commands (impact)
As Seen In: Not Available