An attacker injects global Flash parameters into a Flash file embedded in
						an HTML document. These variables are controlled through arguments in the
						URL used to access the embedding HTML document. As such, this is a form of
						HTTP parameter injection, but the abilities granted to the Flash document
						(such as access to a page's document model, including associated cookies)
						make this attack more flexible. The injected parameters can allow the
						attacker to control other Flash objects as well as the parent document's DOM
						model.