[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Nuance PowerPDF Advanced Metadata Information Disclosure Vulnerability (low|local)

Hash: SHA1

Nuance Communications

PowerPDF Advanced Version 1.0
PowerPDF Advanced Version 1.1

Advisory Information:
Local Information Leakage / Disclosure

Severity Level:
Vulnerability Details and Impact:
The software permits the encoding/editing of meta-data such as Title,
Author, Subject, Keywords, etc.. When the information is removed or
overwritten within the interface, it appears that the previous
information is lost. However, the information remains within the PDF
file. This is a leak of potentially sensitive information after  a user
believes they have edited or removed it.

Individuals or organizations wishing to protect sensitive meta-data of a
PDF file may be unable to do so. This may cause inadvertent leakage of
information (previous authors, keywords, subjects, titles, etc..) that
an individual or organization does not wish to expose.

Exploit Methods:
There are no remote exploit methods for this vulnerability. The steps to
reproduce the vulnerability locally are detailed at the following
location: http://christopher.hudel.com/vulns/Nuance-CVE-Submission.pdf

Disclosure Timeline:
19-Jun-2015: Emailed technical contact of the nuance.com domain
(hostmaster@xxxxxxxxxx) asking to be contacted regarding potential
information security vulnerability. [no response]

23-Jun-2015: Opened support ticket with Vendor. Through some periodic
email exchange, and a phone call (16-Jul-2015) to their support team,
was unable to have technical support department open the ticket and
receive information about the nature of the security vulnerability. (Was
not the volume purchase owner on record, so ability to submit the
vulnerability was denied).

01-Jul-2015: Reached out via LinkedIn to senior IT person listed in
LinkedIn for Nuance Corporation. [no response]

16-Jul-2015: Submitted vulnerability information to US-CERT. Response
was to (paraphrasing) "try harder". :)

16-Jul-2015: Submitted information and vulnerability details to
support@xxxxxxxxxx, security@xxxxxxxxxx, and media@xxxxxxxxxx [no

08-Aug-2015: Submitted vulnerability to BugTraq mailing list.

Author / Role:
Christopher Hudel / independent security researcher

[+] Disclaimer
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and that due
credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit is given
to the author. The author is not responsible for any misuse of the
information contained herein and prohibits any malicious use of all
security related information or exploits by the author or elsewhere.
Version: GnuPG v2


  Christopher Hudel