CAPEC-649 Metadata
Likelihood of Attack
Low
Typical Severity
Medium
Overview
Summary
An adversary adds a space character to the end of a file extension and takes advantage of an application that does not properly neutralize trailing special elements in file names. This extra space, which can be difficult for a user to notice, affects which default application is used to operate on the file and can be leveraged by the adversary to control execution.
Prerequisites
The use of the file must be controlled by the file extension.
Potential Solutions / Mitigations
File extensions should be checked for non-visible characters (such as a trailing space) before the extension is used to decide how a file is handled.
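The mitigation above, as an added example that is not part of the CAPEC entry: a small Python check that isolates the extension of a supplied file name, reports any non-visible code points in it (spaces and other separators, control characters, and format characters such as zero-width spaces), and produces the normalized extension that a dispatcher should actually key on. The file names in `SAMPLES` are constructed for the example; the function and class names are my own.

```python
import unicodedata
from dataclasses import dataclass, field

# Unicode general categories that render as nothing or as blank space:
# Zs/Zl/Zp = separators, Cc = control characters, Cf = format characters
# (this is where U+200B ZERO WIDTH SPACE lives).
INVISIBLE_CATEGORIES = {"Zs", "Zl", "Zp", "Cc", "Cf"}


@dataclass
class ExtensionCheck:
    filename: str
    extension: str                 # raw extension as supplied, after the last '.'
    suspicious: bool               # True if any non-visible code point is present
    offending: list = field(default_factory=list)  # (index, "U+XXXX", category)


def invisible_positions(text: str) -> list:
    """Return (index, code point, category) for every non-visible character in text."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.category(ch))
        for i, ch in enumerate(text)
        if unicodedata.category(ch) in INVISIBLE_CATEGORIES
    ]


def check_extension(filename: str) -> ExtensionCheck:
    """Inspect the raw extension without altering it, so the finding can be logged."""
    dot = filename.rfind(".")
    ext = filename[dot + 1:] if dot != -1 else ""
    found = invisible_positions(ext)
    return ExtensionCheck(filename, ext, bool(found), found)


def safe_extension(filename: str) -> str:
    """Extension with non-visible code points removed and case folded.

    This is the value a handler lookup should use; 'pdf ' and 'pdf' must not
    be treated as two different types.
    """
    raw = check_extension(filename).extension
    cleaned = "".join(
        ch for ch in raw if unicodedata.category(ch) not in INVISIBLE_CATEGORIES
    )
    return cleaned.lower()


# Constructed sample file names: one clean, one with a trailing space
# (the CAPEC-649 case), one with a zero-width space, one with a tab.
SAMPLES = [
    "report.pdf",
    "report.pdf ",
    "invoice.docx\u200b",
    "notes.txt\t",
]


def audit(filenames: list) -> dict:
    """Map each file name to its finding; used both as a demo and as a test hook."""
    return {name: check_extension(name) for name in filenames}


if __name__ == "__main__":
    for name, result in audit(SAMPLES).items():
        verdict = "SUSPICIOUS" if result.suspicious else "ok"
        print(f"{name!r:22} ext={result.extension!r:10} "
              f"safe={safe_extension(name)!r:8} {verdict} {result.offending}")
```

The check and the normalization are kept separate on purpose: `check_extension` lets an upload handler reject or log a name that carries hidden characters, while `safe_extension` is what any "which application opens this" lookup should key on if the file is accepted at all. Rejecting outright is the simpler policy; silently normalizing means two visibly different names map to the same type, which is exactly the equivalence CWE-46 describes.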
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-46 | Path Equivalence: 'filename ' (Trailing Space) |
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-635 | The extension of a file name is often used in various contexts to determine the application that is used to open and use it. If an attacker can cause an alternative application to be used, it may be able to execute malicious code, cause a denial of service or expose sensitive information. |
Taxonomy Mappings
Taxonomy: ATTACK
| Entry ID | Entry Name |
|---|---|
| 1036.006 | Masquerading: Space after Filename |