lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 13 Aug 2015 13:51:16 -0400
From: Christopher Hudel <>
Subject: Nuance PowerPDF Advanced Metadata Information Disclosure Vulnerability

Hash: SHA1

Nuance Communications

PowerPDF Advanced Version 1.0
PowerPDF Advanced Version 1.1

Advisory Information:
Local Information Leakage / Disclosure

Severity Level:
Vulnerability Details and Impact:
The software permits the encoding/editing of meta-data such as Title,
Author, Subject, Keywords, etc.. When the information is removed or
overwritten within the interface, it appears that the previous
information is lost. However, the information remains within the PDF
file. This is a leak of potentially sensitive information after  a user
believes they have edited or removed it.

Individuals or organizations wishing to protect sensitive meta-data of a
PDF file may be unable to do so. This may cause inadvertent leakage of
information (previous authors, keywords, subjects, titles, etc..) that
an individual or organization does not wish to expose.

Exploit Methods:
There are no remote exploit methods for this vulnerability. The steps to
reproduce the vulnerability locally are detailed at the following

Disclosure Timeline:
19-Jun-2015: Emailed technical contact of the domain
( asking to be contacted regarding potential
information security vulnerability. [no response]

23-Jun-2015: Opened support ticket with Vendor. Through some periodic
email exchange, and a phone call (16-Jul-2015) to their support team,
was unable to have technical support department open the ticket and
receive information about the nature of the security vulnerability. (Was
not the volume purchase owner on record, so ability to submit the
vulnerability was denied).

01-Jul-2015: Reached out via LinkedIn to senior IT person listed in
LinkedIn for Nuance Corporation. [no response]

16-Jul-2015: Submitted vulnerability information to US-CERT. Response
was to (paraphrasing) "try harder". :)

16-Jul-2015: Submitted information and vulnerability details to,, and [no

08-Aug-2015: Submitted vulnerability to BugTraq mailing list.

Author / Role:
Christopher Hudel / independent security researcher

[+] Disclaimer
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and that due
credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit is given
to the author. The author is not responsible for any misuse of the
information contained herein and prohibits any malicious use of all
security related information or exploits by the author or elsewhere.
Version: GnuPG v2


  Christopher Hudel

Powered by blists - more mailing lists