CVE-2005-0237 | Vulnerability Database | Aqua Security

The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Affected Software

Name	Vendor	Start Version	End Version
Konqueror	Kde	3.2.1 (including)	3.2.1 (including)
Red Hat Enterprise Linux 4	RedHat	kdelibs-6:3.3.1-3.6	*
Kdelibs	Ubuntu	dapper	*
Kdelibs	Ubuntu	devel	*
Kdelibs	Ubuntu	edgy	*
Kdelibs	Ubuntu	feisty	*

References

http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html
http://secunia.com/advisories/14162
http://www.kde.org/info/security/advisory-20050316-2.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
http://www.redhat.com/support/errata/RHSA-2005-325.html
http://www.securityfocus.com/archive/1/427976/100/0/threaded
http://www.securityfocus.com/bid/12461
http://www.shmoo.com/idn
http://www.shmoo.com/idn/homograph.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html
http://secunia.com/advisories/14162
http://www.kde.org/info/security/advisory-20050316-2.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
http://www.redhat.com/support/errata/RHSA-2005-325.html
http://www.securityfocus.com/archive/1/427976/100/0/threaded
http://www.securityfocus.com/bid/12461
http://www.shmoo.com/idn
http://www.shmoo.com/idn/homograph.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/19236
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10671

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-0237
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html