[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-3742Date: (C)2007-08-03   (M)2023-12-22


WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1018488
BID-24636
SECUNIA-26287
ADV-2007-2730
ADV-2007-2731
http://docs.info.apple.com/article.html?artnum=306173
http://docs.info.apple.com/article.html?artnum=306174
http://isc.sans.org/diary.html?storyid=3214
safari-idn-url-spoofing(35716)

CPE    1
cpe:/h:apple:iphone:1.0
CWE    1
CWE-16

© SecPod Technologies