| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | primary_impact | T1565 | Data Manipulation |
Comments
This vulnerability is exploited via authentication bypass, allowing the adversary to write to files.
References
|
| CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | exploitation_technique | T1548.002 | Bypass User Account Control |
Comments
This vulnerability is exploited via authentication bypass, allowing the adversary to write to files.
References
|
| CVE-2015-0310 | Adobe Flash Player ASLR Bypass Vulnerability | exploitation_technique | T1189 | Drive-by Compromise |
Comments
This vulnerability is exploited with maliciously-crafted code hosted on a website via drive-by compromise. It has been seen used in the wild by exploit kits.
References
|
| CVE-2023-21715 | Microsoft Office Publisher Security Feature Bypass Vulnerability | exploitation_technique | T1204.002 | Malicious File |
Comments
CVE-2023-21715 is a security feature bypass vulnerability exploitable when a user opens a specially-crafted file bypassing macro policies.
References
|
| Capability ID | Capability Name | Number of Mappings |
|---|---|---|
| CVE-2023-21715 | Microsoft Office Publisher Security Feature Bypass Vulnerability | 1 |
| CVE-2015-0310 | Adobe Flash Player ASLR Bypass Vulnerability | 1 |
| CVE-2021-31207 | Microsoft Exchange Server Security Feature Bypass Vulnerability | 2 |