CVE-2005-0234Insufficient Visual Distinction of Homoglyphs Presented to User in Apple Safari

CWE-1007Insufficient Visual Distinction of Homoglyphs Presented to User5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 34.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Safari
Timeline
PublishedMay 2
Latest updateMay 1

Description

The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapple/safari1.2.5

🔴Vulnerability Details

1
GHSA
GHSA-fgff-c9rr-m5xx: The International Domain Name (IDN) support in Safari 12022-05-01

💥Exploits & PoCs

1
Exploit-DB
LHA 1.x - Remote Buffer Overflow / Directory Traversal2004-04-30

📐Framework References

2
CWE
Insufficient Visual Distinction of Homoglyphs Presented to User
CAPEC
Homograph Attack via Homoglyphs