Flash Injection
Attack Pattern ID: 182 (Standard Attack Pattern Completeness: Stub)Typical Severity: MediumStatus: Draft
+ Description


An attacker tricks a victim to execute malicious flash content that executes commands or makes flash calls specified by the attacker. One example of this attack is cross-site flashing, an attacker controlled parameter to a reference call loads from content specified by the attacker.

+ Attack Prerequisites

The target must be capable of running Flash applications.

In some cases, the target must follow an attacker-supplied link.

+ Resources Required

The attacker may need to be able to serve the injected Flash content, but otherwise no special resources are required.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern240Resource Injection 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern178Cross-Site Flashing 
Mechanism of Attack (primary)1000