CWE-270

Privilege Context Switching Error

The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

CVE-2021-3493 (GCVE-0-2021-3493)
Vulnerability from cvelistv5
Published: 2021-04-17 04:20
Modified: 2025-07-30 01:38
CWE
  • CWE-270 - Privilege Context Switching Error
Summary
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Impacted products
Vendor: Ubuntu
Product: linux kernel
Affected versions:
  • 5.8 kernel < 5.8.0-50.56
  • 5.4 kernel < 5.4.0-72.80
  • 4.15 kernel < 4.15.0-142.146
  • 4.4 kernel < 4.4.0-209.241


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:53:17.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-4917-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/04/16/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-3493",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T12:30:18.913674Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-10-20",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3493"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:38:13.347Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-10-20T00:00:00+00:00",
            "value": "CVE-2021-3493 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "linux kernel",
          "vendor": "Ubuntu",
          "versions": [
            {
              "lessThan": "5.8.0-50.56",
              "status": "affected",
              "version": "5.8 kernel",
              "versionType": "custom"
            },
            {
              "lessThan": "5.4.0-72.80",
              "status": "affected",
              "version": "5.4 kernel",
              "versionType": "custom"
            },
            {
              "lessThan": "4.15.0-142.146",
              "status": "affected",
              "version": "4.15 kernel",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.0-209.241",
              "status": "affected",
              "version": "4.4 kernel",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "An independent security researcher reporting to the SSD Secure Disclosure program"
        }
      ],
      "datePublic": "2021-04-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-270",
              "description": "CWE-270: Privilege Context Switching Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-03T19:06:06.000Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ubuntu.com/security/notices/USN-4917-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/04/16/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Apply https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "workarounds": [
        {
          "lang": "en",
          "value": "Disable unprivileged user namespaces."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-04-15T00:00:00.000Z",
          "ID": "CVE-2021-3493",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "linux kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.8 kernel",
                            "version_value": "5.8.0-50.56"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.4 kernel",
                            "version_value": "5.4.0-72.80"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.15 kernel",
                            "version_value": "4.15.0-142.146"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.4 kernel",
                            "version_value": "4.4.0-209.241"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ubuntu"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "An independent security researcher reporting to the SSD Secure Disclosure program"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-270: Privilege Context Switching Error"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ubuntu.com/security/notices/USN-4917-1",
              "refsource": "MISC",
              "url": "https://ubuntu.com/security/notices/USN-4917-1"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2021/04/16/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2021/04/16/1"
            },
            {
              "name": "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162434/Kernel-Live-Patch-Security-Notice-LSN-0076-1.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/162866/Ubuntu-OverlayFS-Local-Privilege-Escalation.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165151/Ubuntu-Overlayfs-Local-Privilege-Escalation.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Apply https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Disable unprivileged user namespaces."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-3493",
    "datePublished": "2021-04-17T04:20:16.706Z",
    "dateReserved": "2021-04-12T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:38:13.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-26499 (GCVE-0-2025-26499)
Vulnerability from cvelistv5
Published: 2025-09-11 16:46
Modified: 2025-09-11 20:37
CWE
  • CWE-270 - Privilege Context Switching Error (4.17)
Summary
Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw cannot be intentionally exploited due to the required concurring action by two users. However, if the event occurs a user would be inadvertently exposed to another user’s system rights and data access.
Impacted products


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26499",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-11T20:37:38.098093Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-11T20:37:54.876Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Wind River Studio Developer"
          ],
          "product": "Wind River Studio Developer",
          "vendor": "Wind River Studio Developer",
          "versions": [
            {
              "lessThan": "24.11\u003e=",
              "status": "affected",
              "version": "24.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-09-11T16:38:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUnder heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw cannot be intentionally exploited due to the required concurring action by two users. However, if the event occurs a user would be inadvertently exposed to another user\u2019s system rights and data access.\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw cannot be intentionally exploited due to the required concurring action by two users. However, if the event occurs a user would be inadvertently exposed to another user\u2019s system rights and data access."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-114",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-114: CAPEC - CAPEC-114: Authentication Abuse (Version 3.9)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-270",
              "description": "CWE-270: CWE - CWE-270: Privilege Context Switching Error (4.17)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-11T16:46:28.575Z",
        "orgId": "0bf9931a-6ebf-4f48-bd14-39ee5e1d61f8",
        "shortName": "WindRiver"
      },
      "references": [
        {
          "url": "https://www.windriver.com/security/vulnerability-responses/CVE-2025-26499"
        },
        {
          "url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2025-26499"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0bf9931a-6ebf-4f48-bd14-39ee5e1d61f8",
    "assignerShortName": "WindRiver",
    "cveId": "CVE-2025-26499",
    "datePublished": "2025-09-11T16:46:28.575Z",
    "dateReserved": "2025-02-11T20:11:10.092Z",
    "dateUpdated": "2025-09-11T20:37:54.876Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46406 (GCVE-0-2025-46406)
Vulnerability from cvelistv5
Published: 2025-07-10 03:10
Modified: 2025-07-10 20:02
CWE
  • CWE-270 - Privilege Context Switching Error
Summary
A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the Division boundary. This issue affects Command Centre Server: 9.30 prior to 9.30.1874 (MR1), 9.20 prior to 9.20.2337 (MR3), 9.10 prior to 9.10.3194 (MR6), 9.00 prior to 9.00.3371 (MR7), all versions of 8.90 and prior.
Impacted products
Vendor: Gallagher
Product: Command Centre Server
Affected versions:
  • 0 <= 8.90
  • 9.30 < 9.30.1874 (MR1)
  • 9.20 < 9.20.2337 (MR3)
  • 9.10 < 9.10.3194 (MR6)
  • 9.00 < 9.00.3371 (MR7)


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-10T20:02:21.159913Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-10T20:02:29.195Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Command Centre Server",
          "vendor": "Gallagher",
          "versions": [
            {
              "lessThanOrEqual": "8.90",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.30.1874 (MR1)",
              "status": "affected",
              "version": "9.30",
              "versionType": "custom"
            },
            {
              "lessThan": "9.20.2337 (MR3)",
              "status": "affected",
              "version": "9.20",
              "versionType": "custom"
            },
            {
              "lessThan": "9.10.3194 (MR6)",
              "status": "affected",
              "version": "9.10",
              "versionType": "custom"
            },
            {
              "lessThan": "9.00.3371 (MR7)",
              "status": "affected",
              "version": "9.00",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the Division boundary.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Command Centre Server: \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e9.30 prior to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e9.30.1874\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;(MR1), 9.20 prior to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e9.20.2337\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;(MR3), 9.10 prior to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e9.10.3194\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;(MR6), \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e9.00 prior to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e9.00.3371\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;(MR7), \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eall versions of 8.90 and prior.\u003c/span\u003e\n\n\u003c/p\u003e"
            }
          ],
          "value": "A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the Division boundary.\n\nThis issue affects Command Centre Server: \n\n9.30 prior to 9.30.1874\u00a0(MR1), 9.20 prior to 9.20.2337\u00a0(MR3), 9.10 prior to 9.10.3194\u00a0(MR6), 9.00 prior to 9.00.3371\u00a0(MR7), all versions of 8.90 and prior."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-270",
              "description": "CWE-270 Privilege Context Switching Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-10T03:10:03.557Z",
        "orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
        "shortName": "Gallagher"
      },
      "references": [
        {
          "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-46406"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
    "assignerShortName": "Gallagher",
    "cveId": "CVE-2025-46406",
    "datePublished": "2025-07-10T03:10:03.557Z",
    "dateReserved": "2025-06-17T02:18:59.193Z",
    "dateUpdated": "2025-07-10T20:02:29.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation ID: MIT-1

Phases: Architecture and Design, Operation

Description:

  • Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation ID: MIT-17

Phases: Architecture and Design, Operation

Strategy: Environment Hardening

Description:

  • Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

Mitigation ID: MIT-49

Phase: Architecture and Design

Strategy: Separation of Privilege

Description:

  • Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-17: Using Malicious Files

An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access, or, in a possible worst case, upload a file and then execute it. Web servers, FTP servers, and message-oriented middleware systems that have many integration points are particularly vulnerable, because both the programmers and the administrators must be in sync regarding the interfaces and the correct privileges for each interface.

CAPEC-30: Hijacking a Privileged Thread of Execution

An adversary hijacks a privileged thread of execution by injecting malicious code into a running process. By using a privileged thread to do their bidding, adversaries can evade process-based detection that would stop an attack that creates a new process. This can lead to an adversary gaining access to the process's memory and can also enable elevated privileges. The most common way to perform this attack is by suspending an existing thread and manipulating its memory.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads a resource (such as an image file or configuration file) that the attacker has modified, the file either executes malicious code directly or manipulates the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high.
