Home
ATT&CK Techniques
T1203 Exploitation for Client Execution

T1203 Exploitation for Client Execution Mappings

Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.

Several types exist:

Browser-based Exploitation

Web browsers are a common target through Drive-by Compromise and Spearphishing Link. Endpoint systems may be compromised through normal web browsing or from certain users being targeted by links in spearphishing emails to adversary controlled sites used to exploit the web browser. These often do not require an action by the user for the exploit to be executed.

Office Applications

Common office and productivity applications such as Microsoft Office are also targeted through Phishing. Malicious files will be transmitted directly as attachments or through links to download them. These require the user to open the document or file for the exploit to run.

Common Third-party Applications

Other applications that are commonly seen or are part of the software deployed in a target network may also be used for exploitation. Applications such as Adobe Reader and Flash, which are common in enterprise environments, have been routinely targeted by adversaries attempting to gain access to systems. Depending on the software and nature of the vulnerability, some may be exploited in the browser or require the user to open a file. For instance, some Flash exploits have been delivered as objects within Microsoft Office documents.

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
AC-4	Information Flow Enforcement	Protects	T1203	Exploitation for Client Execution
AC-6	Least Privilege	Protects	T1203	Exploitation for Client Execution
CA-7	Continuous Monitoring	Protects	T1203	Exploitation for Client Execution
CM-8	System Component Inventory	Protects	T1203	Exploitation for Client Execution
SC-18	Mobile Code	Protects	T1203	Exploitation for Client Execution
SC-2	Separation of System and User Functionality	Protects	T1203	Exploitation for Client Execution
SC-29	Heterogeneity	Protects	T1203	Exploitation for Client Execution
SC-3	Security Function Isolation	Protects	T1203	Exploitation for Client Execution
SC-30	Concealment and Misdirection	Protects	T1203	Exploitation for Client Execution
SC-39	Process Isolation	Protects	T1203	Exploitation for Client Execution
SC-7	Boundary Protection	Protects	T1203	Exploitation for Client Execution
SI-3	Malicious Code Protection	Protects	T1203	Exploitation for Client Execution
SI-4	System Monitoring	Protects	T1203	Exploitation for Client Execution
SI-7	Software, Firmware, and Information Integrity	Protects	T1203	Exploitation for Client Execution
CVE-2018-17934	NUUO CMS	secondary_impact	T1203	Exploitation for Client Execution
CVE-2018-5454	Philips IntelliSpace Portal	primary_impact	T1203	Exploitation for Client Execution
CVE-2019-1106	Microsoft Edge	exploitation_technique	T1203	Exploitation for Client Execution
CVE-2019-1035	Microsoft Office	exploitation_technique	T1203	Exploitation for Client Execution
CVE-2019-0926	Microsoft Edge	exploitation_technique	T1203	Exploitation for Client Execution
CVE-2019-1052	Microsoft Edge	exploitation_technique	T1203	Exploitation for Client Execution
CVE-2013-0707	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-7456	FreeBSD	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-12464	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2012-5958	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2016-5180	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-6418	Chrome	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-5902	BIG-IP	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-7286	iOS	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-18935	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-17026	Firefox ESR	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-13720	Chrome	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-11886	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2018-9206	Blueimp jQuery-File-Upload	uncategorized	T1203	Exploitation for Client Execution
CVE-2018-8174	Windows 7	uncategorized	T1203	Exploitation for Client Execution
CVE-2018-8120	Windows Server 2008	uncategorized	T1203	Exploitation for Client Execution
CVE-2018-0798	Equation Editor	uncategorized	T1203	Exploitation for Client Execution
CVE-2016-4656	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2016-1409	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-2590	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-2425	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-2817	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-0324	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-0307	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2013-5211	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2013-2471	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2013-1493	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2013-0625	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2013-0422	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2011-3402	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-1423	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-1165	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2009-1862	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2009-1807	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2009-1151	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-1641	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-11901	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2016-7256	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2016-3714	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-0071	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-4123	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-0266	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-1885	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2009-3459	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-13125	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-7187	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2011-3544	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2016-0034	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-7756	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-2426	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-13126	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-10271	WebLogic Server	uncategorized	T1203	Exploitation for Client Execution
CVE-2016-6909	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-6278	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-5326	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2009-3041	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-11897	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-11896	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-9019	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2013-3893	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-9818	iOS	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-1631	Junos OS	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-1350	Windows Server	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-0938	Windows	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-9791	Thunderbird	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-1579	Palo Alto Networks GlobalProtect Portal/Gateway Interface	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-11932	android-gif-drawable	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-0903	Windows	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-0803	Windows	uncategorized	T1203	Exploitation for Client Execution
CVE-2018-8833	Advantech WebAccess HMI Designer	uncategorized	T1203	Exploitation for Client Execution
CVE-2018-8589	Windows Server 2008	uncategorized	T1203	Exploitation for Client Execution
CVE-2018-7513	Omron CX-Supervisor	uncategorized	T1203	Exploitation for Client Execution
CVE-2018-20838	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2018-18956	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2018-10376	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-5613	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-2404	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-12824	InPage reader	uncategorized	T1203	Exploitation for Client Execution
CVE-2016-9299	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2016-2208	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-3864	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-7169	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-5334	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-0593	obs-service-set_version	uncategorized	T1203	Exploitation for Client Execution
CVE-2013-3897	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2013-3163	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2012-2311	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2012-1856	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2011-3192	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2011-2005	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-4398	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-2568	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-2152	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-1297	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-0842	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-0480	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2009-1800	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2009-1671	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2009-0824	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2008-2992	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-5638	Apache Struts	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-1494	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-6819	Thunderbird	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-10257	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-15919	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-0222	Internet Explorer	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-0149	Internet Explorer	uncategorized	T1203	Exploitation for Client Execution
CVE-2016-9079	Firefox	uncategorized	T1203	Exploitation for Client Execution
CVE-2016-7189	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2016-3393	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-5123	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-2502	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-2419	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-6332	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-1815	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2013-2465	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2013-2423	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2012-3213	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-3971	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2009-1136	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-1776	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2013-3918	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-2883	WebLogic Server	uncategorized	T1203	Exploitation for Client Execution
CVE-2020-0601	Windows	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-10149	exim	uncategorized	T1203	Exploitation for Client Execution
CVE-2018-20062	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2016-6366	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-3396	Confluence Server	uncategorized	T1203	Exploitation for Client Execution
CVE-2018-20250	WinRAR	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-8464	Windows Shell	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-11882	Microsoft Office	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-11826	Microsoft Office	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-0261	Microsoft Office	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-6585	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-1642	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-0096	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-7247	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-6352	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2013-1331	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-1424	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-0840	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2009-4324	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2009-0556	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-13510	Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-13541	Horner Automation Cscape	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-13527	Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-8570	Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, and Microsoft Office 2016.	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-0262	Microsoft Office	uncategorized	T1203	Exploitation for Client Execution
CVE-2016-7193	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2015-2509	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2014-0810	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2013-3644	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-3915	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-3333	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-2862	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2010-0028	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2009-3129	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2009-0927	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-9081		uncategorized	T1203	Exploitation for Client Execution
CVE-2020-1020	Windows	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-8759	Microsoft .NET Framework	uncategorized	T1203	Exploitation for Client Execution
CVE-2017-11847	Windows kernel	uncategorized	T1203	Exploitation for Client Execution
CVE-2013-3906	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2012-6467	n/a	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-6340	Drupal Core	uncategorized	T1203	Exploitation for Client Execution
CVE-2019-10980	LCDS LAquis SCADA	uncategorized	T1203	Exploitation for Client Execution
action.hacking.variety.Buffer overflow	Buffer overflow. Child of 'Exploit vuln'.	related-to	T1203	Exploitation for Client Execution
action.hacking.variety.HTTP Response Splitting	HTTP Response Splitting. Child of 'Exploit vuln'.	related-to	T1203	Exploitation for Client Execution
action.hacking.variety.HTTP request smuggling	HTTP request smuggling. Child of 'Exploit vuln'.	related-to	T1203	Exploitation for Client Execution
action.hacking.variety.HTTP request splitting	HTTP request splitting. Child of 'Exploit vuln'.	related-to	T1203	Exploitation for Client Execution
action.hacking.variety.HTTP response smuggling	HTTP response smuggling. Child of 'Exploit vuln'.	related-to	T1203	Exploitation for Client Execution
action.malware.variety.Client-side attack	Client-side or browser attack (e.g., redirection, XSS, MitB)	related-to	T1203	Exploitation for Client Execution
action.malware.vector.Email attachment	Email via user-executed attachment. Child of 'Email'	related-to	T1203	Exploitation for Client Execution
aws_config	AWS Config	technique_scores	T1203	Exploitation for Client Execution
amazon_inspector	Amazon Inspector	technique_scores	T1203	Exploitation for Client Execution
aws_web_application_firewall	AWS Web Application Firewall	technique_scores	T1203	Exploitation for Client Execution
aws_security_hub	AWS Security Hub	technique_scores	T1203	Exploitation for Client Execution