Threat actors may exploit software vulnerabilities in an attempt to collect credentials. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.