CVE-2015-6718

Name of the Vulnerable Software and Affected Versions Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified)

Description The issue is related to insufficient access restrictions to certain features in the CBSharedReviewIfOfflineDialog method of Adobe Acrobat and Adobe Acrobat Document Cloud for editing PDF files, and Adobe Reader and Adobe Reader Document Cloud for viewing PDF files. This can allow a remote attacker to bypass JavaScript execution restrictions.

Recommendations For Adobe Acrobat, update to a version that addresses the CBSharedReviewIfOfflineDialog method issue. For Adobe Acrobat Document Cloud, restrict access to the CBSharedReviewIfOfflineDialog method until a patch is available. For Adobe Reader, consider disabling JavaScript execution in Adobe Reader until the issue is resolved. For Adobe Reader Document Cloud, avoid using the CBSharedReviewIfOfflineDialog method in Adobe Reader Document Cloud until a fix is provided. As a temporary workaround, consider restricting access to JavaScript API execution in Adobe Acrobat and Adobe Reader to minimize the risk of exploitation.