PT-2018-13354 · Adobe · Reader Dc+2

Published: 2018-12-17 · Updated: 2019-10-03 · CVE-2018-16018

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Adobe Acrobat and Reader versions 2019.010.20064 and earlier
Adobe Acrobat and Reader versions 2017.011.30110 and earlier
Adobe Acrobat and Reader versions 2015.006.30461 and earlier

Description

A security bypass issue exists, potentially allowing attackers to escalate privileges. The vulnerability is in the Adobe Reader DC JavaScript API: restrictions on that API can be bypassed through ANSendForSharedReview, the AnnotsString object, read-only variables, CBSharedReviewCompleteAutomation, and ANSendForFormDistribution.

Recommendations

For versions 2019.010.20064 and earlier, update to a version later than 2019.010.20064 to resolve the issue.
For versions 2017.011.30110 and earlier, update to a version later than 2017.011.30110 to resolve the issue.
For versions 2015.006.30461 and earlier, update to a version later than 2015.006.30461 to resolve the issue.
As a temporary workaround, consider disabling the affected JavaScript APIs until a patch is available.

Fix


Related Identifiers

CVE-2018-16018
ZDI-18-1417
ZDI-18-1418
ZDI-18-1419
ZDI-18-1420
ZDI-19-002

Affected Products

Acrobat
Reader
Reader Dc