IE bug leaks private details from 50m PDF files
Black hat recon courtesy of Microsoft
A bug in Microsoft's Internet Explorer browser is causing more than 50 million files stored online to leak potentially sensitive information that could compromise user privacy, a security researcher said.
The documents stored in Adobe's PDF format display the internal disk location where the file is stored, an oversight that can inadvertently expose real-world names and login IDs of users, the operating system being used and other information that is better kept private. The data can then be retrieved using simple web searches.
Google searches such as this one expose almost four million documents residing on users' C drives alone. Combined with searches for other common drives, the technique exposes more than 50 million files that display the local disk path, according to Inferno, a security researcher for a large software company who asked that his real name not be used.
"If they have those kind of PDFs, somebody can use search engines to find out user names or do more reconnaissance on the operating systems used," he told The Register. "That actually invades the privacy of a user."
The potentially sensitive data is included in PDFs that have been printed using Internet Explorer. The full path location is appended to its contents as soon as the Microsoft browser is used to print the document. Although the data isn't always exposed when the document is viewed with Adobe Reader, it is easily readable when the file is opened in editors such as Notepad, and the text is also available to Google and other search engines.
This PDF, for example, was stored at C:\Program Files\Wids7\WizardReport.htm at time of printing. The path makes it clear that the file was stored on a Windows machine that has software from Worldwide Instructional Design System installed. Other PDFs give up directory names that reveal authors, projects or other data that may have been designated confidential.
The only way to remove the path is erase the text in an editor and save the document.
All versions of IE suffer from the bug. A Microsoft spokeswoman said company engineers are working to reproduce the reported behavior. "We can confirm that this is not a vulnerability," she wrote in an email.
Adobe representatives didn't reply to requests for comment. Inferno's report is here. ®
Sponsored: Global DDoS threat landscape report