CVE-2004-1781
Description
Local users can crash Surfnet kiosk software and access the underlying OS via the CMD_CREDITCARD_CHARGE command.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local users can crash Surfnet kiosk software and access the underlying OS via the CMD_CREDITCARD_CHARGE command.
Vulnerability
Info Touch Surfnet kiosk software is vulnerable to a denial of service via the CMD_CREDITCARD_CHARGE command. By sending malformed arguments to this command, the application can be crashed [1]. This vulnerability affects Surfnet versions prior to 1.31.
Exploitation
A local user can exploit this vulnerability by issuing the CMD_CREDITCARD_CHARGE command with specially crafted arguments. For example, sending C:\Surfnet\WWWRoot\CMD_CREDITCARD_CHARGE:Charge=20 can trigger the crash [1].
Impact
When the Surfnet kiosk software crashes due to this vulnerability, it drops the user into the underlying operating system, allowing them to access and control it [1].
Mitigation
There is no specific patch or fixed version information available in the provided references. Users are advised to check for updates from the vendor or consider alternative solutions if a patch is not released [1].
AI Insight generated on Jun 5, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2cpe:2.3:a:info_touch:surfnet:1.31:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:info_touch:surfnet:1.31:*:*:*:*:*:*:*
- (no CPE)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.securityfocus.com/bid/9348nvdExploit
News mentions
0No linked articles in our index yet.