CVE-2009-4073

Published: Nov 24, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.

Affected (4)

Products: Microsoft: Internet Explorer

Microsoft

1 product

Internet Explorer

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 5
Microsoft Internet Explorer	Version 6
Microsoft Internet Explorer	Version 7
Microsoft Internet Explorer	Version 8

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://osvdb.org/60504

Source: cve@mitre.org

http://secunia.com/advisories/37362

Source: cve@mitre.org

http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/508010/100/0/threaded

Source: cve@mitre.org

http://www.theregister.co.uk/2009/11/23/internet_explorer_file_disclosure_bug/

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12355

Source: cve@mitre.org

http://osvdb.org/60504