CAPEC-181: Flash File Overlay

An attacker creates a transparent overlay using flash in order to intercept user actions for the purpose of performing a clickjacking attack. In this technique, the Flash file provides a transparent overlay over HTML content. Because the Flash application is on top of the content, user actions, such as clicks, are caught by the Flash application rather than the underlying HTML. The action is then interpreted by the overlay to perform the actions the attacker wishes.

Medium

Typical severity

Per MITRE

Not rated

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-181 (Flash File Overlay) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-181: Flash File Overlay

Overview

What the attacker needs

Prerequisites

Resources required

Frequently asked questions

What is CAPEC-181?

What weaknesses does CAPEC-181 target?

How severe is CAPEC-181?

References

Defend against CAPEC-181

Overview

What the attacker needs

Prerequisites

Resources required

Related weaknesses

Related attack patterns

Parent

Frequently asked questions

What is CAPEC-181?

What weaknesses does CAPEC-181 target?

How severe is CAPEC-181?

References

Defend against CAPEC-181