funsec mailing list archives
IE/PDF combo bug?
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Wed, 25 Nov 2009 10:30:47 -0800
Appreciate more detailed info, if anyone has it, unless I'm right and this is a total non-starter:

"A bug in Microsoft's Internet Explorer browser is causing more than 50 million files stored online to leak potentially sensitive information that could compromise user privacy, a security researcher said. The documents stored in Adobe's PDF format display the internal disk location where the file is stored, an oversight that can inadvertently expose real-world names and login IDs of users, the operating system being used and other information that is better kept private."

OK, I get it that the "50 million" number is just somebody's estimate of the total number of PDF files out there. (Or, given the next few sentences, just a Google search result.) However, this seems to be simply a bug/covert storage channel in Adobe or the PDF format. How does it involve IE?

"The data can then be retrieved using simple web searches. Google searches such as this one expose almost four million documents residing on users' C drives alone. Combined with searches for other common drives, the technique exposes more than 50 million files that display the local disk path"

Right. So searching for "C:/" finds files (with embedded directory info) stored on the Internet. (Or tutorials on how to use DOS.) We get it.

"according to Inferno, a security researcher for a large software company who asked that his real name not be used."

A security consultant wannabe who is shy? That sounds suspicious ...

If they have those kind of PDFs, somebody can use search engines to find out user names or do more reconnaissance on the operating systems used, he told The Register. That actually invades the privacy of a user.

Scary.

"The potentially sensitive data is included in PDFs that have been printed using Internet Explorer. The full path location is appended to its contents as soon as the Microsoft browser is used to print the document.

Although the data isn't always exposed when the document is viewed with Adobe Reader, it is easily readable when the file is opened in editors such as Notepad, and the text is also available to Google and other search engines. This PDF, for example, was stored at C:\Program Files\Wids7\WizardReport.htm at time of printing. The path makes it clear that the file was stored on a Windows machine that has software from Worldwide Instructional Design System installed. Other PDFs give up directory names that reveal authors, projects or other data that may have been designated confidential. The only way to remove the path is to erase the text in an editor and save the document."

So, you can get at the info regardless, but IE just prints it up more readily?

http://www.theregister.co.uk/2009/11/23/internet_explorer_file_disclosure_bug/

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
People everywhere confuse what they read in newspapers with news. - A.J. Liebling
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
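
A pre-publication check for the leak the quoted article describes, added here as an example (not part of the original post or of the article): it scans a PDF's raw bytes, plus any Flate-compressed streams, for Windows drive paths and pulls the profile name out of "Documents and Settings" or "Users" paths. The function names and the sample bytes are constructed for illustration.

```python
import re
import zlib

# A drive letter not preceded by another letter (so "http://" is skipped),
# then a separator and everything up to a character invalid in Windows paths
# or the ")" that closes a PDF literal string.
PATH_RE = re.compile(rb'(?<![A-Za-z])[A-Za-z]:[\\/][^:*?"<>|\r\n()]+')
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
USER_RE = re.compile(r"(?:Documents and Settings|Users)[\\/]+([^\\/]+)[\\/]", re.I)


def pdf_layers(data: bytes):
    """Yield the raw file bytes, then every stream that inflates with zlib."""
    yield data
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the end-of-line byte before "endstream"
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data; the raw pass above already covered it


def find_local_paths(data: bytes) -> dict:
    """Map each embedded local path to the profile name it reveals (or None)."""
    found = {}
    for layer in pdf_layers(data):
        for m in PATH_RE.finditer(layer):
            # PDF literal strings escape "\" as "\\"; undo that for display
            path = m.group(0).decode("latin-1").replace("\\\\", "\\").rstrip(" .")
            user = USER_RE.search(path)
            found[path] = user.group(1) if user else None
    return found


def constructed_sample() -> bytes:
    """Constructed PDF-like fragment: one path in plain text, one compressed."""
    footer = rb"BT (file:///C:/Documents and Settings/jdoe/Desktop/report.htm) Tj ET"
    return (b"%PDF-1.4\n1 0 obj\n"
            b"<< /Title (C:\\\\Program Files\\\\Wids7\\\\WizardReport.htm) >>\nendobj\n"
            b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
            + zlib.compress(footer) + b"\nendstream\nendobj\n")


if __name__ == "__main__":
    for path, user in find_local_paths(constructed_sample()).items():
        print(f"{path}  (profile name: {user or 'none'})")
```

Streams that use other filters or encryption are not decoded here, so a clean result from this scan only covers plain and Flate-compressed content.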