Multiple web browsers are vulnerable to spoofing attacks through the use of Internationalized Domain Names. Other applications such as email programs may also be vulnerable.
The Domain Name System
The Domain Name System (DNS) provides name, address, and other information about Internet Protocol (IP) networks and devices. DNS was designed to support domain names that use a subset of the American Standard Code for Information Interchange (ASCII) character set.
By making a malicious web site appear to be a site that the user trusts, an attacker could convince the user to provide sensitive information.
Upgrade or Patch
Apple Computer Inc.
KDE Desktop Environment Project
Red Hat Software, Inc.
This vulnerability was publicly disclosed by Evgeniy Gabrilovich and Alex Gontmakher.
This document was written by Will Dormann.
|Date First Published:||2005-03-22|
|Date Last Updated:||2005-08-01 14:29 UTC|