Unrated severityNVD Advisory· Published Nov 24, 2009· Updated Apr 23, 2026

CVE-2009-4073

Description

The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.

Affected products

Microsoft/Internet Explorer4 versions
cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

osvdb.org/60504nvd
secunia.com/advisories/37362nvd
securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/nvd
www.securityfocus.com/archive/1/508010/100/0/threadednvd
www.theregister.co.uk/2009/11/23/internet_explorer_file_disclosure_bug/nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12355nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.021
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000