Re: IE/PDF combo bug?

[Peter Kosinar <goober () nuf ksp sk>]

Summing it up, it seems to look like this:

1) Open a *local* file in IE.
2) Use some nice software for "printing into PDF" (like CuteWriter) to
    print it into PDF.
3) Check the resulting PDF's "Document Properties". The title of the
    document will contain the full path to the local file you had open
    in IE.

That's it.

It seems that if, instead of opening a local file in step 1, you opened a 
remote one (like, a page on some site), the title of the document would 
correspond to the title of the webpage (i.e. it will not contain the URL 
of the page, but rather its proper title)... which seems somewhat 
inconsistent. Unlike IE, some other browsers seem to provide the title of 
the document consistently for both local and remote files, thus not 
revealing anything [*] about you.

Naturally, the whole issue is irrelevant if the software used in step 2 
ignores the "title" provided by IE (which some of such software actually 
does).

Personally, I see this as somewhat counter-intuitive behaviour, but 
nothing of the gaping-security-hole kind. :-)

Peter

[*] Not completely true -- at least one PDF-writer includes your username
     in the document ;-) But no, this is not the end of the world either.

-- 
[Name] Peter Kosinar   [Quote] 2B | ~2B = exp(i*PI)   [ICQ] 134813278
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.