CAPEC-181: Flash File Overlay |
 Description An attacker creates a transparent overlay using flash in order to intercept user actions for the purpose of performing a clickjacking attack. In this technique, the Flash file provides a transparent overlay over HTML content. Because the Flash application is on top of the content, user actions, such as clicks, are caught by the Flash application rather than the underlying HTML. The action is then interpreted by the overlay to perform the actions the attacker wishes. Typical Severity Prerequisites
| The victim must be tricked into navigating to the attackers' decoy site and performing the actions on the decoy page. |
| The victim's browser must support invisible Flash overlays. |
Resources Required
| The attacker must be able to force the Flash overlay over the decoy content. |
 Content History | Submissions |
|---|
| Submission Date | Submitter | Organization |
|---|
| 2014-06-23 (Version 2.6) | CAPEC Content Team | The MITRE Corporation | | | Modifications |
|---|
| Modification Date | Modifier | Organization |
|---|
| 2019-04-04 (Version 3.1) | CAPEC Content Team | The MITRE Corporation | | Updated Related_Weaknesses | | 2019-09-30 (Version 3.2) | CAPEC Content Team | The MITRE Corporation | | Updated Related_Attack_Patterns |
More information is available — Please select a different filter.
|
This table shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.
