
CAPEC-181: Flash File Overlay

Abstraction: Detailed
Status: Draft
Severity: Medium

Description

An attacker creates a transparent overlay using Flash to intercept user actions and carry out a clickjacking attack. In this technique, the Flash file provides a transparent overlay over HTML content. Because the Flash application sits on top of the content, user actions such as clicks are caught by the Flash application rather than by the underlying HTML. The overlay then interprets each action to perform the actions the attacker wishes.

Related weaknesses · 1

CWE-1021

Related attack patterns · 1

CAPEC-103 (ChildOf)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Improper Restriction of Rendered UI Layers or Frames (cwe-1021) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Cross-Site Flashing
CAPEC: iFrame Overlay
CAPEC: Clickjacking
CAPEC: Flash Injection
CAPEC: Flash Parameter Injection
CAPEC: Tapjacking

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.