SecurityFocus

Millions of PDF invisibly embedded with your internal disk paths Nov 23 2009 03:45PM
Inferno (inferno securethoughts com) (1 replies)

RE: Millions of PDF invisibly embedded with your internal disk paths Nov 24 2009 01:11AM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)

Re: Millions of PDF invisibly embedded with your internal disk paths Nov 25 2009 09:06AM
Patrick Webster (sflist aushack com) (1 replies)

I agree. Discovering the local path may be considered a risk, but in
most cases the risk is nil.

Consider compiled binaries. They also leak paths of the developer's
compile environment (mainly PDB -
http://support.microsoft.com/kb/121366). E.g. My firefox.exe is:

e:\builds\moz2_slave\win32_build\build\obj-firefox\browser\app\firefox.p
db

This reminds me of the iPhone worm. Everyone knew about the default
root password years ago... it is not like people weren't already
scanning for gaolbroken phones before worms were released >:)

Then again, the worm brought attention to the fact.

PDF's are mainly used for two reasons:

1) Prevent end-user modification
2) Because Microsoft Word conceals information & tracks changes etc,
and too many government & enterprise organisations have been bitten by
it that PDF is a rule of thumb. At least in my experience.

Considering that, perhaps for the PDF format specifically this could
be an issue, under the assumption that consumers use PDF
/specifically/ to prevent data leakage.

-Patrick

[ reply ]

Re: Millions of PDF invisibly embedded with your internal diskpaths Dec 03 2009 09:01AM
Pavel Machek (pavel ucw cz)