Home > CAPEC List > CAPEC-44: Overflow Binary Resource File (Version 2.11)  

CAPEC-44: Overflow Binary Resource File

Overflow Binary Resource File
Definition in a New Window Definition in a New Window
Attack Pattern ID: 44
Abstraction: Detailed
Status: Draft
Completeness: Complete
Presentation Filter:
+ Summary

An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.

+ Attack Prerequisites
  • Target software processes binary resource files.

  • Target software contains a buffer overflow vulnerability reachable through input from a user-controllable binary resource file.

+ Typical Severity

Very High

+ Typical Likelihood of Exploit

Likelihood: High

+ Methods of Attack
  • Modification of Resources
+ Examples-Instances


Binary files like music and video files are appended with additional data to cause buffer overflow on target systems. Because these files may be filled with otherwise popular content, the attacker has an excellent vector for wide distribution. There have been numerous cases, for example of malicious screen savers for sports teams that are distributed on the event of the team winning a championship.

+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Medium

To modify file, deceive client into downloading, locate and exploit remote stack or heap vulnerability

+ Solutions and Mitigations

Perform appropriate bounds checking on all buffers.

Design: Enforce principle of least privilege

Design: Static code analysis

Implementation: Execute program in less trusted process space environment, do not allow lower integrity processes to write to higher integrity processes

Implementation: Keep software patched to ensure that known vulnerabilities are not available for attackers to target on host.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
DoS: crash / exit / restart
Execute unauthorized code or commands
Run Arbitrary Code
+ Purposes
  • Penetration
  • Exploitation
+ CIA Impact
Confidentiality Impact: HighIntegrity Impact: HighAvailability Impact: High
+ Technical Context
Architectural Paradigms
+ References
[R.44.1] [REF-2] G. Hoglund and G. McGraw. "Exploiting Software: How to Break Code". Addison-Wesley. February 2004.
+ Content History
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team
CAPEC Content TeamThe MITRE Corporation2015-12-07Updated Related_Attack_PatternsInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017