PT-2007-1316 · Ptc · Mathcad

Published: 2007-02-23 · Updated: 2018-10-16 · CVE-2006-7037

CVSS v2.0: 4.4 (Medium)

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Mathcad versions 12 through 13.1

Description

The issue allows local users to bypass security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program. This enables attackers to bypass password protection by replacing the password field with a hash of a known password, modify timestamps to avoid detection of modifications, remove locks by removing the is-locked attribute, and view locked data, which is stored in plaintext.

Recommendations

For Mathcad versions 12 through 13.1, consider restricting access to the XML representation of worksheets to prevent unauthorized editing, and avoid storing sensitive data in plaintext. As a temporary workaround, consider implementing additional security measures, such as encrypting sensitive data and using external access control mechanisms to prevent unauthorized access.


Related Identifiers

CVE-2006-7037

Affected Products

Mathcad