CAPEC-181 Metadata
Likelihood of Attack
High
Typical Severity
Medium
Overview
Summary
An attacker creates a transparent overlay using flash in order to intercept user actions for the purpose of performing a clickjacking attack. In this technique, the Flash file provides a transparent overlay over HTML content. Because the Flash application is on top of the content, user actions, such as clicks, are caught by the Flash application rather than the underlying HTML. The action is then interpreted by the overlay to perform the actions the attacker wishes.
Prerequisites
The victim must be tricked into navigating to the attackers' decoy site and performing the actions on the decoy page. The victim's browser must support invisible Flash overlays.
Potential Solutions / Mitigations
No specific solutions listed.
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-1021 | Improper Restriction of Rendered UI Layers or Frames |
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-103 | An adversary tricks a victim into unknowingly initiating some action in one system while interacting with the UI from a seemingly completely different, usually an adversary controlled or intended, system. |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.