CVE-2006-7037

Опубликовано: 23 фев. 2007

Источник: nvd

CVSS2: 4.4

EPSS Низкий

Описание

Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*

Одно из

cpe:2.3:a:mathsoft:mathcad:12:*:*:*:*:*:*:*

cpe:2.3:a:mathsoft:mathcad:13:*:*:*:*:*:*:*

cpe:2.3:a:mathsoft:mathcad:13.1:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00064

Низкий

4.4 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-fhc2-9h5p-3c4x

github

почти 4 года назад