Vulnerability Name:

CVE-2009-4073 (CCN-54399)

Assigned:2009-11-23
Published:2009-11-23
Updated:2021-07-23
Summary:The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Mon Nov 23 2009
Millions of PDF invisibly embedded with your internal disk paths

Source: MITRE
Type: CNA
CVE-2009-4073

Source: OSVDB
Type: UNKNOWN
60504

Source: CCN
Type: SA37362
Internet Explorer PDF Export Information Disclosure

Source: SECUNIA
Type: UNKNOWN
37362

Source: MISC
Type: UNKNOWN
http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/

Source: CCN
Type: SECTRACK ID: 1023233
Microsoft Internet Explorer Discloses Local Path Names When Printing Local HTML Files to PDF Files

Source: CCN
Type: Microsoft Web site
Internet Explorer

Source: CCN
Type: OSVDB ID: 60504
Microsoft IE PDF Export Title Property File Path Disclosure

Source: BUGTRAQ
Type: UNKNOWN
20091123 Millions of PDF invisibly embedded with your internal disk paths

Source: CCN
Type: BID-37117
Microsoft Internet Explorer PDF Generation Information Disclosure Vulnerability

Source: MISC
Type: UNKNOWN
http://www.theregister.co.uk/2009/11/23/internet_explorer_file_disclosure_bug/

Source: XF
Type: UNKNOWN
ie-pdf-information-disclosure(54399)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:12355

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:8.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:12355
    V
    		Microsoft Internet Explorer PDF Printing Information Disclosure
    2011-08-15
    BACK
    microsoft internet explorer 8
    microsoft internet explorer 7
    microsoft internet explorer 6
    microsoft internet explorer 5
    microsoft ie 6.0
    microsoft ie 6.0 sp1
    microsoft ie 7.0
    microsoft ie 8.0