Vulnerability Description
The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | 1.2.5 |
References
- http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.htmlVendor Advisory
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.htmlExploitVendor Advisory
- http://marc.info/?l=bugtraq&m=110782704923280&w=2
- http://www.securityfocus.com/bid/12461
- http://www.shmoo.com/idnExploit
- http://www.shmoo.com/idn/homograph.txtVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
- http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.htmlVendor Advisory
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.htmlExploitVendor Advisory
- http://marc.info/?l=bugtraq&m=110782704923280&w=2
- http://www.securityfocus.com/bid/12461
- http://www.shmoo.com/idnExploit
- http://www.shmoo.com/idn/homograph.txtVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
FAQ
What is CVE-2005-0234?
CVE-2005-0234 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way tha...
How severe is CVE-2005-0234?
CVE-2005-0234 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0234?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari.