CAPEC browsing - CVE-Search

CAPEC Details

Name

Malicious Software Download

Likelyhood of attack	Typical severity
High	Very High

Summary

An attacker uses deceptive methods to cause a user or an automated process to download and install dangerous code that originates from an attacker controlled source. There are several variations to this strategy of attack.

Prerequisites

Solutions

Related Weaknesses

CWE ID	Description
CWE-494	Download of Code Without Integrity Check

Related CAPECS

CAPEC ID	Description
CAPEC-184	An attacker initiates a series of events designed to cause a user, program, server, or device to perform actions which undermine the integrity of software code, device data structures, or device firmware, achieving the modification of the target's integrity to achieve an insecure state.
CAPEC-662	An adversary exploits security vulnerabilities or inherent functionalities of a web browser, in order to manipulate traffic between two endpoints.