Millions of PDF Invisibly Embedded with Your Internal Disk Paths


Today, more than ever, anyone can find the information they need by using a few mouse clicks on the Internet.  This ease-of-access comes at a price though, namely security.

It is the goal of cyber security professionals everywhere to balance the ever increasing appetite for more information and more access with procedures and controls that protect vital information.

Unfortunately, at times it seems security is overlooked or sacrificed, which creates vulnerabilities.  People with evil intentions will continue to look for these vulnerabilities so they can be exploited, as is the case with PDF files and Internet Explorer.

This particular vulnerability exists when printing a PDF file from within an Internet Explorer browser.  When you select print, the PDF file is embedded with your local disk paths.  To make matters worse, this information is done invisibly without any notification or warning.

What does this mean to you?  Well, if you have printed a PDF file from your browser and then posted that file or emailed it to someone, you have provided a means for someone to extract the file paths on your system.

As with all vulnerabilities, this one can be mitigated.  To ensure your system’s file paths aren’t out there for the taking, you must manually edit the PDF files title attributes to delete the information.

You can also use a different web browser, as other browsers do not embed local file paths.  Instead, they only show “…” and not the actual file path information.

This vulnerability is another example why cyber security professionals must remain vigilant.  Just as users have an infinite appetite for more information, people that want to steal your data are just as hungry.

Stay alert, keep in tune with the latest security notices, and continue to visit Secure Thoughts for the latest cyber security information.  It’s up to us to protect our users and keep their data safe!

Leave a Comment