ID CVE-2007-3742
Summary WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.
References
Vulnerable Configurations
  • cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.0b:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.1b:-:windows:*:*:*:*:*
CVSS
Base: 4.3 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 24636
confirm
misc http://isc.sans.org/diary.html?storyid=3214
sectrack 1018488
secunia 26287
vupen
  • ADV-2007-2730
  • ADV-2007-2731
xf safari-idn-url-spoofing(35716)
Last major update 29-07-2017 - 01:32
Published 03-08-2007 - 20:17
Last modified 29-07-2017 - 01:32