CVE-2015-7829
Description
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows mishandle junctions in the Synchronizer directory, which allows attackers to delete arbitrary files via Adobe Collaboration Sync, a related issue to CVE-2015-2428.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Reader mishandles junctions in the Synchronizer directory, allowing local attackers to delete arbitrary files via Collaboration Sync.
Vulnerability
This vulnerability affects Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows. The issue lies in the handling of junction points in the Synchronizer directory. An attacker can exploit this by setting up a junction point in the Synchronizer folder and then running Adobe Collaboration Sync, which deletes the folder contents. This is a sandbox escape vulnerability (related to CVE-2015-2428). [1]
Exploitation
To exploit this vulnerability, an attacker must first achieve code execution within a sandboxed Adobe Reader process, which requires user interaction (e.g., the target visiting a malicious page or opening a malicious file). The attacker then sets up a junction point in the Synchronizer folder. By invoking Adobe Collaboration Sync, the contents of the targeted junction path are deleted. No authentication beyond the sandboxed process context is required. [1]
Impact
A successful attack allows the attacker to delete arbitrary files on the system from a sandboxed Adobe Reader process. The attacker can delete files as the current user. This results in a denial of service or potential data loss, with no direct confidentiality or integrity impact beyond file deletion. The CVSS score for this issue is 1.9 (AV:L/AC:M/Au:N/C:N/I:N/A:P). [1]
Mitigation
Adobe addressed this vulnerability with the following fixed versions: Adobe Reader and Acrobat 10.1.16, 11.0.13, Acrobat and Acrobat Reader DC Classic 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous 2015.009.20069. Users should update to these or later versions. No other mitigation or workaround has been disclosed. [1]
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
10cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*range: >=10.0,<=10.1.15
- (no CPE)range: >10.0, <10.1.16
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*range: >=15.006.30060,<15.006.30094
- cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*range: >=15.008.20082,<15.009.20069
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*range: >=10.0,<=10.1.15
- (no CPE)range: >10.0, <10.1.16
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*+ 1 more
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*range: >=15.006.30060,<15.006.30094
- cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*range: >=15.008.20082,<15.009.20069
- Range: <2015.006.30094
- Range: <2015.009.20069
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- helpx.adobe.com/security/products/acrobat/apsb15-24.htmlnvdPatchVendor Advisory
- www.securitytracker.com/id/1033796nvdThird Party AdvisoryVDB Entry
- www.zerodayinitiative.com/advisories/ZDI-15-465nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.