Home > CAPEC List > CAPEC-549: Local Execution of Code (Version 2.11)  

CAPEC-549: Local Execution of Code

Local Execution of Code
Definition in a New Window Definition in a New Window
Attack Pattern ID: 549
Abstraction: Meta
Status: Stable
Completeness: Complete
Presentation Filter:
+ Summary

An adversary installs and executes malicious code on the target system in an effort to achieve a negative technical impact. Examples include rootkits, ransomware, spyware, adware, and others.

+ Attack Prerequisites
  • Knowledge of the target system's vulnerabilities that can be capitalized on with malicious code.

    The adversary must be able to place the malicious code on the target system.

+ Typical Severity


+ Typical Likelihood of Exploit

Likelihood: Medium

+ Methods of Attack
  • Social Engineering
  • Injection
+ Resources Required

The means by which the adversary intends to place the malicious code on the system dictates the tools required. For example, suppose the adversary wishes to leverage social engineering and convince a legitimate user to open a malicious file attached to a seemingly legitimate email. In this case, the adversary might require a tool capable of wrapping malicious code into an innocuous filetype (e.g., PDF, .doc, etc.)

+ Solutions and Mitigations

Employ robust cybersecurity training for all employees.

Implement system antivirus software that scans all attachments before opening them.

Regularly patch all software.

Execute all suspicious files in a sandbox environment.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Execute unauthorized code or commands
Run Arbitrary Code
"Varies by context"
Depending on the type of code executed by the adversary, the consequences of this attack pattern can vary widely.
+ Content History
CAPEC Content TeamThe MITRE Corporation2015-11-09Internal_CAPEC_Team
CAPEC Content TeamThe MITRE Corporation2017-05-01Updated Attack_Motivation-Consequences, Attack_Prerequisites, Description Summary, Methods_of_Attack, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_SeverityInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017