Home > CAPEC List > CAPEC-181: Flash File Overlay (Version 2.9)  

CAPEC-181: Flash File Overlay

 
Flash File Overlay
Definition in a New Window Definition in a New Window
Attack Pattern ID: 181
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An attacker creates a transparent overlay using flash in order to intercept user actions for the purpose of performing a clickjacking attack. In this technique, the Flash file provides a transparent overlay over HTML content. Because the Flash application is on top of the content, user actions, such as clicks, are caught by the Flash application rather than the underlying HTML. The action is then interpreted by the overlay to perform the actions the attacker wishes.

+ Attack Prerequisites
  • The victim must be tricked into navigating to the attackers' decoy site and performing the actions on the decoy page.

  • The victim's browser must support invisible Flash overlays.

+ Typical Severity

Medium

+ Resources Required

The attacker must be able to force the Flash overlay over the decoy content.

+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 07, 2015