CAPEC-44

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Draft MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: High Severity: Very High
Overflow Binary Resource File

Description

An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the adversary access to the execution stack and execute arbitrary code in the target process.

Prerequisites

Target software processes binary resource files.

Target software contains a buffer overflow vulnerability reachable through input from a user-controllable binary resource file.

Mitigations

Perform appropriate bounds checking on all buffers.

Design: Enforce principle of least privilege

Design: Static code analysis

Implementation: Execute program in less trusted process space environment, do not allow lower integrity processes to write to higher integrity processes

Implementation: Keep software patched to ensure that known vulnerabilities are not available for adversaries to target on host.

Skills Required

[Medium] To modify file, deceive client into downloading, locate and exploit remote stack or heap vulnerability