Trusted Design

• 重大度: Unknown
• 公開日: 2016-01-15
• 更新日: 2024-08-05

概要

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.

このCVEに関連するMITRE ATT&CKテクニック

• T1560.001 - Archive via Utility
• T1557 - Adversary-in-the-Middle
• T1027.013 - Encrypted/Encoded File
• T1192 - Spearphishing Link
• T1036.008 - Masquerade File Type
• T1484.002 - Trust Modification
• T1070.002 - Clear Linux or Mac System Logs
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1190 - Exploit Public-Facing Application
• T1558 - Steal or Forge Kerberos Tickets
• T1050 - New Service
• T1518.002 - Backup Software Discovery
• T1525 - Implant Internal Image
• T1145 - Private Keys
• T1155 - AppleScript
• T1547.003 - Time Providers
• T1585.002 - Email Accounts
• T1090.002 - External Proxy
• T1598.004 - Spearphishing Voice
• T1055.013 - Process Doppelgänging
• T1546.008 - Accessibility Features
• T1649 - Steal or Forge Authentication Certificates
• T1051 - Shared Webroot
• T1586 - Compromise Accounts
• T1552.001 - Credentials In Files
• T1608 - Stage Capabilities
• T1679 - Selective Exclusion
• T1534 - Internal Spearphishing
• T1218.001 - Compiled HTML File
• T1567.003 - Exfiltration to Text Storage Sites
• T1587.004 - Exploits
• T1095 - Non-Application Layer Protocol
• T1027.004 - Compile After Delivery
• T1065 - Uncommonly Used Port
• T1213.003 - Code Repositories
• T1565.002 - Transmitted Data Manipulation
• T1223 - Compiled HTML File
• T1027.006 - HTML Smuggling
• T1055.008 - Ptrace System Calls
• T1204.001 - Malicious Link
• T1086 - PowerShell

このCVEが関連しているPulses

• ffmpeg and Libav crossdomain information disclosure
• ffmpeg and Libav cross-domain information disclosure vuln

CVEの関係性グラフ

---

← CVE一覧に戻る