CVE-2015-7829

Name of the Vulnerable Software and Affected Versions Adobe Reader and Acrobat versions 10.x through 10.1.15 Adobe Reader and Acrobat versions 11.x through 11.0.12 Acrobat and Acrobat Reader DC Classic versions prior to 2015.006.30094 Acrobat and Acrobat Reader DC Continuous versions prior to 2015.009.20069

Description The issue is related to the mishandling of junctions in the Synchronizer directory, allowing attackers to delete arbitrary files via Adobe Collaboration Sync. This is a result of inadequate access control to certain features in Adobe Acrobat and Adobe Reader. The exploitation of this issue can enable a local attacker to delete arbitrary files.

Recommendations For Adobe Reader and Acrobat versions 10.x through 10.1.15, update to version 10.1.16 or later. For Adobe Reader and Acrobat versions 11.x through 11.0.12, update to version 11.0.13 or later. For Acrobat and Acrobat Reader DC Classic versions prior to 2015.006.30094, update to version 2015.006.30094 or later. For Acrobat and Acrobat Reader DC Continuous versions prior to 2015.009.20069, update to version 2015.009.20069 or later. As a temporary workaround, consider disabling the Adobe Collaboration Sync feature until a patch is available.