CVE-2006-7037
CVE-2006-7037 is a vulnerability of currently unknown severity. Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext. EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mathsoft | Mathcad | 12 |
| Mathsoft | Mathcad | 13 |
| Mathsoft | Mathcad | 13.1 |
Source: NVD / NIST
