Vulnerability Details : CVE-2005-0234
The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
Products affected by CVE-2005-0234
- cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-0234
1.58%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-0234
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2005-0234
-
http://www.shmoo.com/idn
404 Not FoundExploit
-
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Vendor Advisory
-
http://marc.info/?l=bugtraq&m=110782704923280&w=2
-
http://www.securityfocus.com/bid/12461
-
http://www.shmoo.com/idn/homograph.txt
404 Not FoundVendor Advisory
-
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
[Full-Disclosure] Mailing List CharterExploit;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
Jump to