CVE-2015-6721
Description
The CBSharedReviewSecurityDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Reader and Acrobat CBSharedReviewSecurityDialog method allows bypassing JavaScript API restrictions, leading to arbitrary code execution via a crafted PDF.
Vulnerability
The vulnerability exists in the CBSharedReviewSecurityDialog method of Adobe Reader and Acrobat. It allows attackers to bypass JavaScript API execution restrictions. The affected versions include Adobe Reader and Acrobat 10.x before 10.1.16, 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X [1].
Exploitation
An attacker can exploit this vulnerability by creating a specially crafted PDF file with specific JavaScript instructions. User interaction is required, as the target must open the malicious file or visit a malicious page. No authentication or special network position is needed; the attack can be delivered remotely [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the current user, leading to full compromise of the affected system. This includes potential data theft, installation of malware, or other malicious actions [1].
Mitigation
Adobe has released fixes in versions 10.1.16, 11.0.13, DC Classic 2015.006.30094, and DC Continuous 2015.009.20069, available as of October 13, 2015 [1]. Users should update to the latest versions. No workarounds have been published, and this CVE is not known to be listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
9cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*range: >=10.0,<=10.1.15
- (no CPE)range: <=11.0.13
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*range: >=15.006.30060,<15.006.30094
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*range: >=15.008.20082,<15.009.20069
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*range: >=15.006.30060,<15.006.30094
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*range: >=15.008.20082,<15.009.20069
- Range: <=2015.006.30094
- Range: <=2015.009.20069
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- helpx.adobe.com/security/products/acrobat/apsb15-24.htmlnvdPatchVendor Advisory
- www.securitytracker.com/id/1033796nvdThird Party AdvisoryVDB Entry
- www.zerodayinitiative.com/advisories/ZDI-15-502nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.