cve-2006-7037
Vulnerability from cvelistv5
Published
2007-02-23 01:00
Modified
2024-08-07 20:50
Severity ?
Summary
Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.
References
cve@mitre.orghttp://securityreason.com/securityalert/2305
cve@mitre.orghttp://www.securityfocus.com/archive/1/436441/30/4560/threaded
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/27115
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/27116
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/27117
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/27118
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/2305
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/436441/30/4560/threaded
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/27115
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/27116
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/27117
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/27118
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:50:05.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mathcad-locked-area-security-bypass(27118)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27118"
          },
          {
            "name": "2305",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2305"
          },
          {
            "name": "mathcad-timestamp-security-bypass(27116)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27116"
          },
          {
            "name": "mathcad-area-password-security-bypass(27115)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27115"
          },
          {
            "name": "20060608 Mathcad Area Lock Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/436441/30/4560/threaded"
          },
          {
            "name": "mathcad-islocked-security-bypass(27117)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27117"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the \"is-locked\" attribute, and (4) view locked data, which is stored in plaintext."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "mathcad-locked-area-security-bypass(27118)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27118"
        },
        {
          "name": "2305",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2305"
        },
        {
          "name": "mathcad-timestamp-security-bypass(27116)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27116"
        },
        {
          "name": "mathcad-area-password-security-bypass(27115)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27115"
        },
        {
          "name": "20060608 Mathcad Area Lock Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/436441/30/4560/threaded"
        },
        {
          "name": "mathcad-islocked-security-bypass(27117)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27117"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-7037",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the \"is-locked\" attribute, and (4) view locked data, which is stored in plaintext."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mathcad-locked-area-security-bypass(27118)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27118"
            },
            {
              "name": "2305",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2305"
            },
            {
              "name": "mathcad-timestamp-security-bypass(27116)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27116"
            },
            {
              "name": "mathcad-area-password-security-bypass(27115)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27115"
            },
            {
              "name": "20060608 Mathcad Area Lock Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/436441/30/4560/threaded"
            },
            {
              "name": "mathcad-islocked-security-bypass(27117)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27117"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-7037",
    "datePublished": "2007-02-23T01:00:00",
    "dateReserved": "2007-02-22T00:00:00",
    "dateUpdated": "2024-08-07T20:50:05.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"377F7D0C-6B44-4B90-BF90-DAF959880C6D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82F7322B-8022-4D0B-ADB3-D0F5B6F20309\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3B703C-79B2-4FA2-9E12-713AB977A880\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA733AD2-D948-46A0-A063-D29081A56F1F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"799DA395-C7F8-477C-8BC7-5B4B88FB7503\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E53CDA8E-50A8-4509-B070-CCA5604FFB21\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*\", \"matchCriteriaId\": \"580B0C9B-DD85-40FA-9D37-BAC0C96D57FC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mathsoft:mathcad:12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E883B002-F6E7-4EBC-B2B2-18E696F59EB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mathsoft:mathcad:13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E396304A-203C-4C4D-AD9B-CF29DB396450\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mathsoft:mathcad:13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB9AF7A0-4346-4C6A-AD50-9515D32B537C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the \\\"is-locked\\\" attribute, and (4) view locked data, which is stored in plaintext.\"}, {\"lang\": \"es\", \"value\": \"Mathcad versiones 12 hasta 13.1, permite a usuarios locales omitir las funcionalidades de seguridad accediendo o editando directamente la representaci\\u00f3n XML de la hoja de trabajo con un editor de texto u otro programa, que permite a atacantes (1) omitir la protecci\\u00f3n con contrase\\u00f1a reemplazando el campo password con un hash de una contrase\\u00f1a conocida, (2) modificar las marcas de tiempo para evitar la detecci\\u00f3n de modificaciones, (3) eliminar bloqueos eliminando el atributo \\\"is-locked\\\", y (4) visualizar datos bloqueados, que se almacenan en texto plano.\"}]",
      "id": "CVE-2006-7037",
      "lastModified": "2024-11-21T00:24:14.237",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2007-02-23T03:28:00.000",
      "references": "[{\"url\": \"http://securityreason.com/securityalert/2305\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/436441/30/4560/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27115\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27116\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27117\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27118\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/2305\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/436441/30/4560/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27115\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27116\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27117\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27118\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-7037\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-02-23T03:28:00.000\",\"lastModified\":\"2024-11-21T00:24:14.237\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the \\\"is-locked\\\" attribute, and (4) view locked data, which is stored in plaintext.\"},{\"lang\":\"es\",\"value\":\"Mathcad versiones 12 hasta 13.1, permite a usuarios locales omitir las funcionalidades de seguridad accediendo o editando directamente la representaci\u00f3n XML de la hoja de trabajo con un editor de texto u otro programa, que permite a atacantes (1) omitir la protecci\u00f3n con contrase\u00f1a reemplazando el campo password con un hash de una contrase\u00f1a conocida, (2) modificar las marcas de tiempo para evitar la detecci\u00f3n de modificaciones, (3) eliminar bloqueos eliminando el atributo \\\"is-locked\\\", y (4) visualizar datos bloqueados, que se almacenan en texto plano.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"377F7D0C-6B44-4B90-BF90-DAF959880C6D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82F7322B-8022-4D0B-ADB3-D0F5B6F20309\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3B703C-79B2-4FA2-9E12-713AB977A880\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA733AD2-D948-46A0-A063-D29081A56F1F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"799DA395-C7F8-477C-8BC7-5B4B88FB7503\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E53CDA8E-50A8-4509-B070-CCA5604FFB21\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*\",\"matchCriteriaId\":\"580B0C9B-DD85-40FA-9D37-BAC0C96D57FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mathsoft:mathcad:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E883B002-F6E7-4EBC-B2B2-18E696F59EB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mathsoft:mathcad:13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E396304A-203C-4C4D-AD9B-CF29DB396450\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mathsoft:mathcad:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB9AF7A0-4346-4C6A-AD50-9515D32B537C\"}]}]}],\"references\":[{\"url\":\"http://securityreason.com/securityalert/2305\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/436441/30/4560/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27115\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27116\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27117\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27118\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/2305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/436441/30/4560/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27115\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27116\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27117\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.