Vulnerabilities > CVE-2006-7037 - Local Security vulnerability in Mathsoft Mathcad 12/13/13.1
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 8 | |
| Application | 3 |
References
- http://securityreason.com/securityalert/2305
- http://www.securityfocus.com/archive/1/436441/30/4560/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27115
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27116
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27117
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27118