K-OTik Security Advisory : KOTIK/ADV-2005-0112
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Moderate
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-02-07
* Technical Description *
A new vulnerability was reported in several web browsers, which may be exploited by attackers to conduct phishing/spoofing attacks and display fake domain names. The problem resides in the IDN (International Domain Name) implementation and occurs when handling malformed URLs containing specially crafted characters, which may be exploited to spoof SSL certificates and the URL displayed in the address/status bar.
Example :
The URL
https://www.pаypal.com will display
https://www.paypal.com (and points to
https://www.xn--pypal-4ve.com)
* Affected Products *
Mozilla 1.7.5 and earlier
Firefox 1.0 and earlier
Opera version 7.54u2 and earlier
Safari version 1.2.4 (v125.1) and earlier
OmniWeb version 5.1 and earlier
Konqueror version 3.2.2 and earlier
* Solution *
K-OTik Security is not aware of any official supplied patch for this issue.
* References *
http://www.k-otik.com/english/advisories/2005/0112
http://www.shmoo.com/idn/homograph.txt
* Credits *
Vulnerability reported by Eric Johanson