Home > CAPEC List > CAPEC-556: Replace File Extension Handlers (Version 2.11)  

CAPEC-556: Replace File Extension Handlers

Replace File Extension Handlers
Definition in a New Window Definition in a New Window
Attack Pattern ID: 556
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

When a file is opened, its file handler is checked to determine which program opens the file. File handlers are configuration properties of many operating systems. Applications can modify the file handler for a given file extension to call an arbitrary program when a file with the given extension is opened.

+ Solutions and Mitigations

Inspect registry for changes. Limit privileges of user accounts so changes to default file handlers can only be performed by authorized administrators.

+ References
[R.556.1] ATT&CK Project. "Edit Default File Handlers (1042)". MITRE. <https://attack.mitre.org/wiki/Edit_default_file_handlers>.
+ Content History
CAPEC Content TeamThe MITRE Corporation2015-11-09Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: August 04, 2017