| Name |
Replace File Extension Handlers |
|
| Likelyhood of attack |
Typical severity |
| Medium |
Very High |
|
| Summary |
When a file is opened, its file handler is checked to determine which program opens the file. File handlers are configuration properties of many operating systems. Applications can modify the file handler for a given file extension to call an arbitrary program when a file with the given extension is opened. |
| Prerequisites |
|
| Solutions | Inspect registry for changes. Limit privileges of user accounts so changes to default file handlers can only be performed by authorized administrators. |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-284 |
Improper Access Control |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-542 |
An adversary develops targeted malware that takes advantage of a known vulnerability in an organizational information technology environment. The malware crafted for these attacks is based specifically on information gathered about the technology environment. Successfully executing the malware enables an adversary to achieve a wide variety of negative technical impacts. |
|
| Taxonomy: ATTACK |
|
Entry ID
|
Entry Name
|
| 1546.001 |
Event Triggered Execution:Change Default File Association |
|