lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 13 Aug 2015 13:51:16 -0400
From: Christopher Hudel <christopher@...el.com>
To: bugtraq@...urityfocus.com
Subject: Nuance PowerPDF Advanced Metadata Information Disclosure Vulnerability
 (low|local)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vendor:
=======
Nuance Communications

Product:
========
PowerPDF Advanced Version 1.0
PowerPDF Advanced Version 1.1

Advisory Information:
=====================
Local Information Leakage / Disclosure

Severity Level:
===============
Low
 
Vulnerability Details and Impact:
=================================
The software permits the encoding/editing of meta-data such as Title,
Author, Subject, Keywords, etc.. When the information is removed or
overwritten within the interface, it appears that the previous
information is lost. However, the information remains within the PDF
file. This is a leak of potentially sensitive information after  a user
believes they have edited or removed it.

Individuals or organizations wishing to protect sensitive meta-data of a
PDF file may be unable to do so. This may cause inadvertent leakage of
information (previous authors, keywords, subjects, titles, etc..) that
an individual or organization does not wish to expose.

Exploit Methods:
================
There are no remote exploit methods for this vulnerability. The steps to
reproduce the vulnerability locally are detailed at the following
location: http://christopher.hudel.com/vulns/Nuance-CVE-Submission.pdf


Disclosure Timeline:
====================
19-Jun-2015: Emailed technical contact of the nuance.com domain
(hostmaster@...nce.com) asking to be contacted regarding potential
information security vulnerability. [no response]

23-Jun-2015: Opened support ticket with Vendor. Through some periodic
email exchange, and a phone call (16-Jul-2015) to their support team,
was unable to have technical support department open the ticket and
receive information about the nature of the security vulnerability. (Was
not the volume purchase owner on record, so ability to submit the
vulnerability was denied).

01-Jul-2015: Reached out via LinkedIn to senior IT person listed in
LinkedIn for Nuance Corporation. [no response]

16-Jul-2015: Submitted vulnerability information to US-CERT. Response
was to (paraphrasing) "try harder". :)

16-Jul-2015: Submitted information and vulnerability details to
support@...nce.com, security@...nce.com, and media@...nce.com [no
response]

08-Aug-2015: Submitted vulnerability to BugTraq mailing list.

Author / Role:
==============
Christopher Hudel / independent security researcher

[+] Disclaimer
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and that due
credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit is given
to the author. The author is not responsible for any misuse of the
information contained herein and prohibits any malicious use of all
security related information or exploits by the author or elsewhere.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJVzNjpAAoJENxeBkNw/wLOQCMIAKZ9X3vhD7VsRdYC1vwYEoR3
XbcJO1RUSRa1S3iS0uiXtNAc2kPoXGeCMeoN7rIL34uPjbtHUH4tHr8aqEajcj/N
4meUgaTCgBBqPundDPhYH+YaRXGYAtpd6oXqaROlHXxPm3vAulXUCgpR4+qeTMHz
vvMyt0BTKKxsSkjCICiav9GbuPF48IeFnEDb6WSZhfpzNUT1jCPAX/tDkR15D83V
fDCfhRk3nHAZ8Kl4XviD3SszVPEyaj5qJjrj60rT+Lt8Y9zV31C3FrH58EM9mc4A
6wU8PBRgXI8rA55rihJBY+x/T4xT8O50nkUdMjTqdbQ/Q9sJNA0e8VK1GjOs/C0=
=/nZC
-----END PGP SIGNATURE-----

-- 
  Christopher Hudel
  christopher@...el.com

Powered by blists - more mailing lists