QwikSec

Security Database

CVE

CWE

Training

CVE-2006-7037

Published: Feb 23, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

mathcad-locked-area-security-bypass(27118)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SREASON

mathcad-timestamp-security-bypass(27116)

vdb-entry

x_refsource_XF

mathcad-area-password-security-bypass(27115)

vdb-entry

x_refsource_XF

20060608 Mathcad Area Lock Vulnerability

mailing-list

x_refsource_BUGTRAQ

mathcad-islocked-security-bypass(27117)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.