Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0234

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0234
Last Modified 05 Sep 2008 04:45:42
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0234

Summary

The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Vulnerable Systems

Application

  • Apple Safari 1.2.5


References

XF - multiple-browsers-idn-spoof(19236)

MISC - http://www.shmoo.com/idn/homograph.txt

MISC - http://www.shmoo.com/idn

BUGTRAQ - 20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.

FULLDISC - 20050206 state of homograph attacks

APPLE - APPLE-SA-2005-03-21

BID - 12461


Last Updated: 27 May 2016 10:39:44