13.1

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

mathsoft

NVD

Published: 2007-02-23

Updated: 2024-11-21

Summary

Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 2000 * Microsoft Windows 2003 Server Sp2 Microsoft Windows 95 * Microsoft Windows 98 * Microsoft Windows 98Se * Microsoft Windows ME * Microsoft Windows NT 4.0 Microsoft Windows XP *	8
Application	Mathsoft Mathsoft Mathcad 12 Mathsoft Mathcad 13 Mathsoft Mathcad 13.1	3

Summary

Vulnerable Configurations

References