Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0235

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0235
Last Modified 05 Sep 2008 04:45:42
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0235

Summary

The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Vulnerable Systems

Application

  • Opera Software Opera Web Browser 7.54


References

XF - multiple-browsers-idn-spoof(19236)

MISC - http://www.shmoo.com/idn/homograph.txt

MISC - http://www.shmoo.com/idn

BUGTRAQ - 20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.

FULLDISC - 20050206 state of homograph attacks

BID - 12461

SUSE - SUSE-SA:2005:031


Last Updated: 27 May 2016 10:39:44