MEDIUM · 4.4

CVE-2006-7037

Vulnerability Description

Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.

CVSS Score

Base score: 4.4 (MEDIUM)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor      Product               Versions
Microsoft   Windows 2000          All versions
Microsoft   Windows 2003 Server   sp2
Microsoft   Windows 95            All versions
Microsoft   Windows 98            All versions
Microsoft   Windows 98Se          All versions
Microsoft   Windows Me            All versions
Microsoft   Windows Nt            4.0
Microsoft   Windows Xp            All versions
Mathsoft    Mathcad               12

References

FAQ

What is CVE-2006-7037?

CVE-2006-7037 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows at...

How severe is CVE-2006-7037?

CVE-2006-7037 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2006-7037?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows 98Se.