Vulnerability Description
The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | <= 5.1.2 |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
- http://osvdb.org/80088
- http://secunia.com/advisories/48377
- http://www.securitytracker.com/id?1026785
- http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
- http://osvdb.org/80088
- http://secunia.com/advisories/48377
- http://www.securitytracker.com/id?1026785
FAQ
What is CVE-2012-0584?
CVE-2012-0584 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unsp...
How severe is CVE-2012-0584?
CVE-2012-0584 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0584?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Microsoft Windows.