Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2007-02-22 19:28
Updated : 2018-10-16 09:29
NVD link : CVE-2006-7037
Mitre link : CVE-2006-7037
JSON object : View
CWE
Products Affected
mathsoft
- mathcad
microsoft
- windows_2003_server
- windows_98se
- windows_nt
- windows_98
- windows_95
- windows_xp
- windows_2000
- windows_me