CWE-270
AllowedPrivilege Context Switching Error
Abstraction: Base · Status: Draft
The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.
45 vulnerabilities reference this CWE, most recent first.
GHSA-7P75-9H8V-VXQ4
Vulnerability from github – Published: 2024-12-12 12:31 – Updated: 2024-12-12 12:31An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLab session token belonging to the victim.
{
"affected": [],
"aliases": [
"CVE-2024-12570"
],
"database_specific": {
"cwe_ids": [
"CWE-270"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-12T12:15:22Z",
"severity": "MODERATE"
},
"details": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim\u0027s `CI_JOB_TOKEN` to obtain a GitLab session token belonging to the victim.",
"id": "GHSA-7p75-9h8v-vxq4",
"modified": "2024-12-12T12:31:15Z",
"published": "2024-12-12T12:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12570"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/2724948"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/494694"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-9M68-HRX9-5WFC
Vulnerability from github – Published: 2024-11-12 21:30 – Updated: 2024-11-12 21:30A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.
{
"affected": [],
"aliases": [
"CVE-2024-36513"
],
"database_specific": {
"cwe_ids": [
"CWE-270"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T19:15:10Z",
"severity": "HIGH"
},
"details": "A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.",
"id": "GHSA-9m68-hrx9-5wfc",
"modified": "2024-11-12T21:30:52Z",
"published": "2024-11-12T21:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36513"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-144"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FF6V-W58F-V97W
Vulnerability from github – Published: 2025-06-13 20:41 – Updated: 2025-06-13 20:41Impact
When a user without script right creates a document with an XWiki.Notifications.Code.NotificationEmailRendererClass object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can be executed, though, as while these templates allow Velocity code, the existing generic analyzer already warns admins before editing Velocity code. The main impact would thus be to send spam, e.g., with phishing links to other users or to hide notifications about other attacks. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9, before that version, this was a known issue and the advice was simply to be careful.
Patches
This has been patched in XWiki 16.10.2, 16.4.7 and 15.10.16 by adding an analysis for the respective XClass properties.
Workarounds
We're not aware of any real workarounds apart from just being careful with editing documents previously edited by untrusted users as a user with script, admin or programming right.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-notifications-notifiers-default"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.10.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-notifications-notifiers-default"
},
"ranges": [
{
"events": [
{
"introduced": "16.0.0-rc-1"
},
{
"fixed": "16.4.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-notifications-notifiers-default"
},
"ranges": [
{
"events": [
{
"introduced": "16.5.0-rc-1"
},
{
"fixed": "16.10.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-49583"
],
"database_specific": {
"cwe_ids": [
"CWE-270",
"CWE-357"
],
"github_reviewed": true,
"github_reviewed_at": "2025-06-13T20:41:12Z",
"nvd_published_at": "2025-06-13T17:15:23Z",
"severity": "MODERATE"
},
"details": "### Impact\nWhen a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can be executed, though, as while these templates allow Velocity code, the existing generic analyzer already warns admins before editing Velocity code. The main impact would thus be to send spam, e.g., with phishing links to other users or to hide notifications about other attacks. Note that warnings before editing documents with dangerous properties have only been introduced in XWiki 15.9, before that version, this was a known issue and the advice was simply to be careful.\n\n### Patches\nThis has been patched in XWiki 16.10.2, 16.4.7 and 15.10.16 by adding an analysis for the respective XClass properties.\n\n### Workarounds\nWe\u0027re not aware of any real workarounds apart from just being careful with editing documents previously edited by untrusted users as a user with script, admin or programming right.",
"id": "GHSA-ff6v-w58f-v97w",
"modified": "2025-06-13T20:41:12Z",
"published": "2025-06-13T20:41:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ff6v-w58f-v97w"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49583"
},
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/commit/3d96bf3ceb167bf0213d63f0be1f7e1732eb0a92"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-22471"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
"type": "CVSS_V4"
}
],
"summary": "XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right"
}
GHSA-FH9M-7JQ4-376W
Vulnerability from github – Published: 2025-09-11 18:35 – Updated: 2025-09-11 18:35Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw cannot be intentionally exploited due to the required concurring action by two users. However, if the event occurs a user would be inadvertently exposed to another user’s system rights and data access.
{
"affected": [],
"aliases": [
"CVE-2025-26499"
],
"database_specific": {
"cwe_ids": [
"CWE-270"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-11T17:15:34Z",
"severity": "MODERATE"
},
"details": "Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw cannot be intentionally exploited due to the required concurring action by two users. However, if the event occurs a user would be inadvertently exposed to another user\u2019s system rights and data access.",
"id": "GHSA-fh9m-7jq4-376w",
"modified": "2025-09-11T18:35:50Z",
"published": "2025-09-11T18:35:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26499"
},
{
"type": "WEB",
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2025-26499"
},
{
"type": "WEB",
"url": "https://www.windriver.com/security/vulnerability-responses/CVE-2025-26499"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G9FW-9X87-RMRJ
Vulnerability from github – Published: 2021-03-18 19:27 – Updated: 2022-06-06 17:56Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.elasticsearch:elasticsearch"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.8.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.elasticsearch:elasticsearch"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.9.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-7020"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-270"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-16T16:31:38Z",
"nvd_published_at": "2020-10-22T17:15:00Z",
"severity": "LOW"
},
"details": "Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.",
"id": "GHSA-g9fw-9x87-rmrj",
"modified": "2022-06-06T17:56:25Z",
"published": "2021-03-18T19:27:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7020"
},
{
"type": "WEB",
"url": "https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033"
},
{
"type": "PACKAGE",
"url": "https://github.com/elastic/elasticsearch"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20201123-0001"
},
{
"type": "WEB",
"url": "https://staging-website.elastic.co/community/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Privilege Context Switching Error in Elasticsearch"
}
GHSA-GMM9-3V86-M9WJ
Vulnerability from github – Published: 2026-04-13 06:30 – Updated: 2026-04-13 06:30Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability.
{
"affected": [],
"aliases": [
"CVE-2026-34853"
],
"database_specific": {
"cwe_ids": [
"CWE-270"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-13T04:16:12Z",
"severity": "HIGH"
},
"details": "Permission bypass vulnerability in the LBS module.\nImpact: Successful exploitation of this vulnerability may affect availability.",
"id": "GHSA-gmm9-3v86-m9wj",
"modified": "2026-04-13T06:30:29Z",
"published": "2026-04-13T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34853"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2026/4"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletinvision/2026/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H6F5-8JJ5-CXHR
Vulnerability from github – Published: 2023-03-02 15:16 – Updated: 2023-03-13 19:17Impact
The annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document.
To reproduce: add an annotation with the content {{groovy}}print "hello"{{/groovy}} and click the yellow scare to get a display of the annotation inline.
The result is "hello" but it should be an error suggesting that it's not allowed to use the groovy macro.
Patches
This has been patched in XWiki 13.10.11, 14.4.7 and 14.10.
Workarounds
There is no easy workaround except to upgrade.
References
https://jira.xwiki.org/browse/XWIKI-20360
https://jira.xwiki.org/browse/XWIKI-20384
For more information
If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List
Attribution
This vulnerability has been reported by René de Sain @renniepak.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-annotation-ui"
},
"ranges": [
{
"events": [
{
"introduced": "2.3-milestone-1"
},
{
"fixed": "13.10.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-annotation-ui"
},
"ranges": [
{
"events": [
{
"introduced": "14.0-rc-1"
},
{
"fixed": "14.4.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-annotation-ui"
},
"ranges": [
{
"events": [
{
"introduced": "14.5"
},
{
"fixed": "14.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-26475"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-270"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-02T15:16:43Z",
"nvd_published_at": "2023-03-02T19:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nThe annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document.\n\nTo reproduce: add an annotation with the content `{{groovy}}print \"hello\"{{/groovy}}` and click the yellow scare to get a display of the annotation inline.\n\nThe result is \"hello\" but it should be an error suggesting that it\u0027s not allowed to use the groovy macro.\n\n### Patches\nThis has been patched in XWiki 13.10.11, 14.4.7 and 14.10.\n\n### Workarounds\nThere is no easy workaround except to upgrade.\n\n### References\nhttps://jira.xwiki.org/browse/XWIKI-20360\n\nhttps://jira.xwiki.org/browse/XWIKI-20384\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)\n\n### Attribution\n\nThis vulnerability has been reported by Ren\u00e9 de Sain @renniepak.",
"id": "GHSA-h6f5-8jj5-cxhr",
"modified": "2023-03-13T19:17:37Z",
"published": "2023-03-02T15:16:43Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h6f5-8jj5-cxhr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26475"
},
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/commit/d87d7bfd8db18c20d3264f98c6deefeae93b99f7"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-20360"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-20384"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "xwiki-platform vulnerable to Remote Code Execution in Annotations"
}
GHSA-JCHM-FM4Q-C2FP
Vulnerability from github – Published: 2023-05-08 12:30 – Updated: 2025-02-13 18:54Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "apache-airflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.0b1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-25754"
],
"database_specific": {
"cwe_ids": [
"CWE-270"
],
"github_reviewed": true,
"github_reviewed_at": "2023-05-11T20:32:46Z",
"nvd_published_at": "2023-05-08T12:15:09Z",
"severity": "CRITICAL"
},
"details": "Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0.",
"id": "GHSA-jchm-fm4q-c2fp",
"modified": "2025-02-13T18:54:28Z",
"published": "2023-05-08T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25754"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/pull/29506"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/airflow"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/releases/tag/2.6.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2023/05/08/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/05/08/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Apache Airflow vulnerable to Privilege Context Switching Error"
}
GHSA-JFQV-RW2M-VHF4
Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.
{
"affected": [],
"aliases": [
"CVE-2025-60721"
],
"database_specific": {
"cwe_ids": [
"CWE-270"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T18:15:40Z",
"severity": "HIGH"
},
"details": "Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally.",
"id": "GHSA-jfqv-rw2m-vhf4",
"modified": "2025-11-11T18:30:21Z",
"published": "2025-11-11T18:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-60721"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-60721"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P9CF-QJXQ-VXW6
Vulnerability from github – Published: 2021-06-08 18:52 – Updated: 2021-06-17 20:04A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 19.1.0.Final"
},
"package": {
"ecosystem": "Maven",
"name": "org.wildfly.bom:wildfly"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20.0.0.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-1719"
],
"database_specific": {
"cwe_ids": [
"CWE-270"
],
"github_reviewed": true,
"github_reviewed_at": "2021-06-08T17:28:03Z",
"nvd_published_at": "2021-06-07T17:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected.",
"id": "GHSA-p9cf-qjxq-vxw6",
"modified": "2021-06-17T20:04:36Z",
"published": "2021-06-08T18:52:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Privilege Context Switching Error in wildlfy"
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-30: Hijacking a Privileged Thread of Execution
An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privleged thread to do their bidding, adversaries can evade process-based detection that would stop an attack that creates a new process. This can lead to an adversary gaining access to the process's memory and can also enable elevated privileges. The most common way to perform this attack is by suspending an existing thread and manipulating its memory.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.