Detailedlikelihood: Highseverity: MediumDraft
CAPEC-174Flash Parameter Injection
Abstraction
Detailed
Status
Draft
Likelihood
High
Severity
Medium
Description
An adversary takes advantage of improper data validation to inject malicious global parameters into a Flash file embedded within an HTML document. Flash files can leverage user-submitted data to configure the Flash document and access the embedding HTML document.
Metadata: detailed CAPEC pattern, status draft, likelihood high, severity medium. Underlying weakness: CWE-88. Related CAPEC patterns: [object Object], [object Object], [object Object], [object Object].
Related weaknesses· 1
Related attack patterns· 4
Exploits1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')cwe-88 | 100% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.