Ian Bradshaw wrote: > This isn't a security issue its a privacy issue. If the leaked, embedded paths can be things like UNCs or IP-based internal server addresses, it is arguably a bit more than a privacy issue, allowing silent, external, partial mapping of the corporate intranet. Not good if your organization is in the habit of making lots of PDFs more or less publicly available from many departments, etc... Definitely something the security team should be aware of and (probably) making sure there are policies, and as necessary, amelioration tools and processes, to handle such. Regards, Nick FitzGerald
