CVE-2006-7037

Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
OR cpe:2.3:a:mathsoft:mathcad:12:*:*:*:*:*:*:*
cpe:2.3:a:mathsoft:mathcad:13:*:*:*:*:*:*:*
cpe:2.3:a:mathsoft:mathcad:13.1:*:*:*:*:*:*:*

Information

Published : 2007-02-22 19:28

Updated : 2018-10-16 09:29


NVD link : CVE-2006-7037

Mitre link : CVE-2006-7037


JSON object : View

Advertisement

dedicated server usa

Products Affected

mathsoft

  • mathcad

microsoft

  • windows_2003_server
  • windows_98se
  • windows_nt
  • windows_98
  • windows_95
  • windows_xp
  • windows_2000
  • windows_me