Internet Explorer bug leaks PDF data

In an article on The Register, Dan Goodin noted that a bug in Microsoft’s Internet Explorer has been causing PDF files to leak private information about local file locations.

According to Goodin:

The documents stored in Adobe’s PDF format display the internal disk location where the file is stored, an oversight that can inadvertently expose real-world names and login IDs of users, the operating system being used and other information that is better kept private. The data can then be retrieved using simple web searches.

The potentially sensitive data is included in PDFs that have been printed using Internet Explorer. The full path location is appended to its contents as soon as the Microsoft browser is used to print the document. Although the data isn’t always exposed when the document is viewed with Adobe Reader, it is easily readable when the file is opened in editors such as Notepad, and the text is also available to Google and other search engines.

The offending information can be manually removed from individual PDF documents using PDF editors such as Adobe Acrobat. Those interested in finding out more about the issue are encouraged to read the full report written by Goodin’s original source, a security researcher code-named ‘Inferno’.

You May Also Like

About the Author: Dan Shea

Leave a Reply