[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Millions of PDF invisibly embedded with your internal disk paths

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Millions of PDF invisibly embedded with your internal disk paths
From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 05 Dec 2009 10:50:37 +1300

Ian Bradshaw wrote:

> This isn't a security issue its a privacy issue.

If the leaked, embedded paths can be things like UNCs or IP-based 
internal server addresses, it is arguably a bit more than a privacy 
issue, allowing silent, external, partial mapping of the corporate 
intranet.

Not good if your organization is in the habit of making lots of PDFs 
more or less publicly available from many departments, etc...

Definitely something the security team should be aware of and 
(probably) making sure there are policies, and as necessary, 
amelioration tools and processes, to handle such.



Regards,

Nick FitzGerald

Follow-Ups:
- RE: Millions of PDF invisibly embedded with your internal disk paths
  - From: Thor (Hammer of God)

References:
- RE: Millions of PDF invisibly embedded with your internal disk paths
  - From: Thor (Hammer of God)
- RE: Millions of PDF invisibly embedded with your internal disk paths
  - From: Ian Bradshaw

Prev by Date: [ MDVSA-2009:322 ] mono
Next by Date: [ MDVSA-2009:234-2 ] silc-toolkit
Previous by thread: RE: Millions of PDF invisibly embedded with your internal disk paths
Next by thread: RE: Millions of PDF invisibly embedded with your internal disk paths
Index(es):
- Date
- Thread