SiteKiosk < 6.5.150 Multiple Vulnerabilities

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by
multiple access bypass vulnerabilities.

Description :

According to its version number, the installation of SiteKiosk on the
remote host contains an unspecified ActiveX control that is marked as
'safe for scripting' yet exposes two dangerous methods that reading
and downloading of any file from the kiosk. In addition, it fails to
completely sanitize input in its 'skinning' feature before using it to
generate dynamic HTML output. By leveraging either issue, a local user
may be able to view the contents of files on the affected host.

Note that SiteKiosk by default runs with LOCAL SYSTEM privileges.

See also :

http://seclists.org/fulldisclosure/2006/Dec/232
http://www.sitekiosk.com/en-US/SiteKiosk/VersionHistory.aspx

Solution :

Upgrade to SiteKiosk version 6.5.150 or later.

Risk factor :

Medium / CVSS Base Score : 4.1
(CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 3.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 23969 ()

Bugtraq ID: 21567

CVE ID: CVE-2006-6509
CVE-2006-6510

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now