CVE-2006-6510

An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed "safe for scripting", which allows local users to bypass security protections and read arbitrary files via certain functions.

CVSS v2.0 1.7 LOW

1.7^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/23253
http://www.securityfocus.com/archive/1/454185/100/0/threaded
http://www.securityfocus.com/bid/21567	Patch
http://www.sitekiosk.com/th_support/versions/index.php3?id=39	Patch
http://www.vupen.com/english/advisories/2006/4985
https://exchange.xforce.ibmcloud.com/vulnerabilities/30878

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sitekiosk:sitekiosk:4.9.11:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.9.14:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.96:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.96.0:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.96.3:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:4.97.0:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.19:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.26:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.32:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.35:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.36:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.38:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.41:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.238:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.248:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.0.264:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.34:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.35:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.36:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.39:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:5.5.45:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:6.0.14:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:6.0.98_final:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:6.2.51:::::::*
	cpe:2.3:a:sitekiosk:sitekiosk:6.5.149:::::::*

History

No history.

Information

Published : 2006-12-14 00:28

Updated : 2024-02-28 11:01

NVD link : CVE-2006-6510

Mitre link : CVE-2006-6510

CVE.ORG link : CVE-2006-6510

JSON object : View

Products Affected

sitekiosk

sitekiosk

CWE

NVD-CWE-Other

{"id": "CVE-2006-6510", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.7, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-12-14T00:28:00.000", "references": [{"url": "http://secunia.com/advisories/23253", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/454185/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21567", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.sitekiosk.com/th_support/versions/index.php3?id=39", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4985", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30878", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed \"safe for scripting\", which allows local users to bypass security protections and read arbitrary files via certain functions."}, {"lang": "es", "value": "Un control ActiveX no especificado en SiteKiosk versiones anteriores a 6.5.150 se instala \"seguro para secuencia de comandos\", lo cual permite a usuarios locales traspasar protecciones de seguridad y leer ficheros de su elecci\u00f3n mediante funciones concretas."}], "lastModified": "2018-10-17T21:49:02.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.9.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1D131E1-457B-4443-BA8D-A153DDA1B89A"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.9.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A3563DA-0211-4595-8207-1A3209F1764D"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F11A488-AD48-4913-A962-6CF846B3D26C"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "257CDE22-0AE2-4BE3-9FC3-DE1454B8810F"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.96.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85FDBE24-1A00-4F32-8C51-83F24678412E"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:4.97.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "880C49B6-AA89-4840-80E1-7A16BAC61F45"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C49DF177-C03A-4884-889A-B79A45C7B4D4"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F37CEB07-CBBC-445A-855A-BEE7D7F0E5B5"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C50C37F-0CA0-4DB6-BAAD-CFD1C7AA4266"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C86C5E3B-8DF8-47EA-8110-A25D211BAB8F"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C38CA94A-1173-4174-9574-F77363B1EA7F"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "425EFE9F-4084-4526-B729-AEEDC1A84FF0"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.41:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA4A23F6-B99B-4FB3-AB32-5324FAFE38B6"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.238:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A79BEB08-65F2-43C5-9481-5B4E8F775475"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.248:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FAB39B1-C586-4D7C-9F46-BCD45E13AA98"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.0.264:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC8B038C-CDDB-4D00-98A3-D0E7BD765F04"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8098958-8975-43F4-AFA8-4FD26783A26C"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76CB9672-C009-47E8-86CF-381EB13BB308"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B98FE8C-737D-4925-9586-8D7E8A264C60"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9E019C6-4C7B-41AA-9839-D970E027D5F5"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:5.5.45:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53B4FBEE-FFE8-478E-824F-73C490F09347"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E56CE520-6BB4-4B96-B4C5-4AC3500D7426"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.0.98_final:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25614B18-60CD-49EC-BA4B-528449BB0F90"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.2.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C47CD55-9A40-4C97-8356-3527C0377C50"}, {"criteria": "cpe:2.3:a:sitekiosk:sitekiosk:6.5.149:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F52F2DD0-EA5A-46D7-9238-9A4D7395AD04"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nSiteKiosk, SiteKiosk, 6.5.150"}