CAPEC-181: Flash File Overlay
An attacker creates a transparent overlay using flash in order to intercept user actions for the purpose of performing a clickjacking attack. In this technique, the Flash file provides a transparent overlay over HTML content. Because the Flash application is on top of the content, user actions, such as clicks, are caught by the Flash application rather than the underlying HTML. The action is then interpreted by the overlay to perform the actions the attacker wishes.
Last updated
Overview
CAPEC-181 (Flash File Overlay) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- The victim must be tricked into navigating to the attackers' decoy site and performing the actions on the decoy page.
- The victim's browser must support invisible Flash overlays.
Resources required
- The attacker must be able to force the Flash overlay over the decoy content.
Frequently asked questions
Common questions about CAPEC-181.
- What is CAPEC-181?
- An attacker creates a transparent overlay using flash in order to intercept user actions for the purpose of performing a clickjacking attack. In this technique, the Flash file provides a transparent overlay over HTML content. Because the Flash application is on top of the content, user actions, such as clicks, are caught by the Flash application rather than the underlying HTML. The action is then interpreted by the overlay to perform the actions the attacker wishes.
- What weaknesses does CAPEC-181 target?
- CAPEC-181 exploits 1 CWE weakness, including CWE-1021 (Improper Restriction of Rendered UI Layers or Frames).
- How severe is CAPEC-181?
- MITRE rates CAPEC-181 as Medium severity.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-181
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.