Standard · Likelihood: High · Severity: Medium · Draft

CAPEC-182: Flash Injection

Abstraction: Standard
Status: Draft
Likelihood: High
Severity: Medium

Description

An attacker tricks a victim into executing malicious Flash content that executes commands or makes Flash calls specified by the attacker. One example of this attack is cross-site flashing, in which an attacker-controlled parameter to a reference call loads content specified by the attacker. Metadata: standard CAPEC pattern, status draft, likelihood high, severity medium. Underlying weaknesses: CWE-20, CWE-184, CWE-697. Related CAPEC patterns: CAPEC-137, CAPEC-248.

Related weaknesses · 3

CWE-20, CWE-184, CWE-697

Related attack patterns · 2

CAPEC-137 (ChildOf), CAPEC-248 (CanAlsoBe)

Exploits · 3

Type | Target | Confidence | Tier
Weakness | Incomplete List of Disallowed Inputs (cwe-184) | 100% | live
Weakness | Incorrect Comparison (cwe-697) | 100% | live
Weakness | Improper Input Validation (cwe-20) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Flash Parameter Injection
CAPEC: Cross-Site Flashing
CAPEC: Flash Memory Attacks
CAPEC: DEPRECATED: XSS Using Flash
CAPEC: Code Injection
CAPEC: Argument Injection

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.