CVE-2015-6712
First published: Wed Oct 14 2015(Updated: )
The ANSendApprovalToAuthorEnabled method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7616, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, and CVE-2015-7623.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | >=10.0<=10.1.15 | |
| Adobe Acrobat Reader | >=11.0.0<=11.0.12 | |
| Adobe Acrobat Reader | >=15.006.30060<15.006.30094 | |
| Adobe Acrobat Reader | >=15.008.20082<15.009.20069 | |
| Adobe Acrobat Reader Notification Manager | >=10.0<=10.1.15 | |
| Adobe Acrobat Reader Notification Manager | >=11.0.0<=11.0.12 | |
| Adobe Acrobat Reader Notification Manager | >=15.006.30060<15.006.30094 | |
| Adobe Acrobat Reader Notification Manager | >=15.008.20082<15.009.20069 | |
| Apple iOS and macOS | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-6712?
CVE-2015-6712 has a high severity rating due to its potential for allowing attackers to bypass JavaScript restrictions.
How do I fix CVE-2015-6712?
To fix CVE-2015-6712, users should update their Adobe Acrobat or Reader to the latest version available.
Which Adobe products are affected by CVE-2015-6712?
CVE-2015-6712 affects Adobe Reader and Acrobat versions 10.x before 10.1.16 and 11.x before 11.0.13, among other versions of Acrobat DC.
Can CVE-2015-6712 be exploited remotely?
Yes, CVE-2015-6712 can be exploited remotely if the victim opens a malicious PDF file.
Is CVE-2015-6712 relevant for both Windows and macOS?
Yes, CVE-2015-6712 affects both Windows and macOS versions of Adobe Acrobat and Reader.
- agent/type
- agent/severity
- agent/references
- agent/remedy
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/10.0
- version/adobe acrobat reader/10.1.15
- version/adobe acrobat reader/11.0.0
- version/adobe acrobat reader/11.0.12
- version/adobe acrobat reader/15.006.30060
- version/adobe acrobat reader/15.008.20082
- canonical/adobe acrobat reader notification manager
- version/adobe acrobat reader notification manager/10.0
- version/adobe acrobat reader notification manager/10.1.15
- version/adobe acrobat reader notification manager/11.0.0
- version/adobe acrobat reader notification manager/11.0.12
- version/adobe acrobat reader notification manager/15.006.30060
- version/adobe acrobat reader notification manager/15.008.20082
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows