An attacker exploits a data structure shared between multiple applications
or an application pool to affect application behavior. Data may be shared
between multiple applications or between multiple threads of a single
application. Data sharing is usually accomplished through mutual access to a
single memory location. If an attacker can manipulate this shared data
(usually by co-opting one of the applications or threads) the other
applications or threads using the shared data will often continue to trust
the validity of the compromised shared data and use it in their
calculations. This can result in invalid trust assumptions, corruption of
additional data through the normal operations of the other users of the
shared data, or even a crash or compromise of the sharing applications.
Attack Prerequisites
The target applications (or target application threads) must share data
between themselves.
The attacker must be able to manipulate some piece of the shared data
either directly or indirectly and the other users of the data must accept
the changed data as valid.
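
The second prerequisite seen from the reader's side, as an added example that is not part of the original CAPEC entry: a reader that accepts a length field from shared memory as valid, next to one that fetches the field once and checks it before use. The struct layout, SLOT_CAP and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SLOT_CAP 64

/* Hypothetical record in a region mapped by several processes or threads;
 * every field can be rewritten by any of them, including a co-opted one. */
struct shared_slot {
    uint32_t len;                /* payload bytes the writer claims */
    uint8_t  payload[SLOT_CAP];
};

/* Trusting reader, for contrast only (never called here): it accepts the
 * shared length as valid, so a tampered len overruns both buffers. */
int read_slot_trusting(const struct shared_slot *s, uint8_t *out)
{
    memcpy(out, s->payload, s->len);
    return (int)s->len;
}

/* Checked reader: returns the payload length, or -1 if rejected. */
int read_slot_checked(const volatile struct shared_slot *s,
                      uint8_t *out, size_t out_cap)
{
    /* Read len once into private memory so a concurrent writer cannot
     * change it between the check and the copy. */
    uint32_t len = s->len;
    if (len > SLOT_CAP || len > out_cap)
        return -1;
    for (uint32_t i = 0; i < len; i++)
        out[i] = s->payload[i];
    return (int)len;   /* bounds are safe; content is still untrusted */
}

/* Constructed sample input: a slot whose len field is set to claimed_len. */
int demo(uint32_t claimed_len)
{
    struct shared_slot slot = { .len = claimed_len };
    uint8_t out[SLOT_CAP];
    memcpy(slot.payload, "hello", 5);
    return read_slot_checked(&slot, out, sizeof out);
}
```

The checked reader only guarantees memory-safe access; the copied payload still has to be validated by whatever consumes it.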
Resources Required
The attacker must be able to change the shared data. Usually this requires
that the attacker be able to compromise one of the sharing applications or
threads in order to manipulate the shared data.
Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.