| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 13 Aug 2015 13:51:16 -0400 From: Christopher Hudel <christopher@...el.com> To: bugtraq@...urityfocus.com Subject: Nuance PowerPDF Advanced Metadata Information Disclosure Vulnerability (low|local) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vendor: ======= Nuance Communications Product: ======== PowerPDF Advanced Version 1.0 PowerPDF Advanced Version 1.1 Advisory Information: ===================== Local Information Leakage / Disclosure Severity Level: =============== Low Vulnerability Details and Impact: ================================= The software permits the encoding/editing of meta-data such as Title, Author, Subject, Keywords, etc.. When the information is removed or overwritten within the interface, it appears that the previous information is lost. However, the information remains within the PDF file. This is a leak of potentially sensitive information after a user believes they have edited or removed it. Individuals or organizations wishing to protect sensitive meta-data of a PDF file may be unable to do so. This may cause inadvertent leakage of information (previous authors, keywords, subjects, titles, etc..) that an individual or organization does not wish to expose. Exploit Methods: ================ There are no remote exploit methods for this vulnerability. The steps to reproduce the vulnerability locally are detailed at the following location: http://christopher.hudel.com/vulns/Nuance-CVE-Submission.pdf Disclosure Timeline: ==================== 19-Jun-2015: Emailed technical contact of the nuance.com domain (hostmaster@...nce.com) asking to be contacted regarding potential information security vulnerability. [no response] 23-Jun-2015: Opened support ticket with Vendor. Through some periodic email exchange, and a phone call (16-Jul-2015) to their support team, was unable to have technical support department open the ticket and receive information about the nature of the security vulnerability. (Was not the volume purchase owner on record, so ability to submit the vulnerability was denied). 01-Jul-2015: Reached out via LinkedIn to senior IT person listed in LinkedIn for Nuance Corporation. [no response] 16-Jul-2015: Submitted vulnerability information to US-CERT. Response was to (paraphrasing) "try harder". :) 16-Jul-2015: Submitted information and vulnerability details to support@...nce.com, security@...nce.com, and media@...nce.com [no response] 08-Aug-2015: Submitted vulnerability to BugTraq mailing list. Author / Role: ============== Christopher Hudel / independent security researcher [+] Disclaimer Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and prohibits any malicious use of all security related information or exploits by the author or elsewhere. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJVzNjpAAoJENxeBkNw/wLOQCMIAKZ9X3vhD7VsRdYC1vwYEoR3 XbcJO1RUSRa1S3iS0uiXtNAc2kPoXGeCMeoN7rIL34uPjbtHUH4tHr8aqEajcj/N 4meUgaTCgBBqPundDPhYH+YaRXGYAtpd6oXqaROlHXxPm3vAulXUCgpR4+qeTMHz vvMyt0BTKKxsSkjCICiav9GbuPF48IeFnEDb6WSZhfpzNUT1jCPAX/tDkR15D83V fDCfhRk3nHAZ8Kl4XviD3SszVPEyaj5qJjrj60rT+Lt8Y9zV31C3FrH58EM9mc4A 6wU8PBRgXI8rA55rihJBY+x/T4xT8O50nkUdMjTqdbQ/Q9sJNA0e8VK1GjOs/C0= =/nZC -----END PGP SIGNATURE----- -- Christopher Hudel christopher@...el.com
Powered by blists - more mailing lists