CVE-2009-4073
published 2009-11-24
Priority P4 · 28 · medium · CVSS 2.0: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 19.59% (97.0th percentile)
The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat · 5.9 · MEDIUM
GHSA
ghsa_unreviewed·2022-05-02
CVE-2009-4073 [MEDIUM] CWE-200 GHSA-5p8r-4665-9fc2: The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by re
The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.
Red Hat
ruby: hostname check bypassing vulnerability in SSL client
vendor_redhat·2013-06-27·CVSS 5.9
CVE-2013-4073 [MEDIUM] ruby: hostname check bypassing vulnerability in SSL client
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Package: ruby (Red Hat Enterprise Linux 7) - Not affected
Package: jruby (Red Hat JBoss SOA Platform 4) - Will not fix
Package: jruby (Red Hat JBoss SOA Platform 5) - Will not fix
Package: ruby193-ruby (Red Hat Software Collections) - Affected
Package: ruby193-ruby (Red Hat Su
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/60504
http://secunia.com/advisories/37362
http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/
http://www.securityfocus.com/archive/1/508010/100/0/threaded
http://www.theregister.co.uk/2009/11/23/internet_explorer_file_disclosure_bug/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12355
Published: 2009-11-24