Attachments as security risks in Acrobat DC and Acrobat Reader DC

Search
Adobe Acrobat User Guide

On this page

Applies to: Adobe Acrobat 2017 Adobe Acrobat DC

Note:

For a full list of articles about security, see Overview of security in Acrobat and PDF content.

Attachments represent a potential security risk because they can contain malicious content, open other dangerous files, or launch applications. Acrobat and Acrobat Reader always let you open and save PDF and FDF file attachments. Acrobat and Acrobat Reader recognize certain files, such as those whose names end in .bin, .exe, and .bat, as threats. You can’t attach such files. Acrobat does allow you to attach files that cannot be saved or opened from Acrobat, such as ZIP files. However, this practice is not recommended.

Acrobat and Acrobat Reader maintain a white list of file types that can be opened or saved, and a black list of file types that cannot. You are allowed to attach file types that are not on either list. However, when you open or save a file of an “unrecognized” type, you see a dialog box asking whether you trust the file type.

For details, see the Application Security Guide at www.adobe.com/go/learn_acr_appsecurity_en.

Manually add a file type to a black or white list

Administrators can modify the black or white list through the registry. Users can manually add a new file type to a black or white list by attaching the file and then trying to open it.

Steps for Acrobat DC

  1. Choose Tools > Edit PDF > More Attach A File.

  2. Add a file type that is not in the black or white list.

    If you attach an executable (.exe) file, .bin, or .bat file, you get the following warning dialog:

    File attachment warning dialog

  3. Right-click the file in the Attachments pane on the left and choose Open Attachment.

  4. In the Launch Attachment dialog box, select one of the following options, and then click OK:

    Launch attachment dialog

    Open This File:

    Opens the file without changing the registry list.

    Always Allow Opening Files Of This Type:

    Adds the file type to the white list and prevents future warnings.

    Never Allow Opening Files Of This Type:

    Adds the file type to the black list and does not open it. You can possibly attach a file of this type to a PDF, but you can’t open it.

    In case you have attached an executable (.exe) file, .bin, or .bat file, you get the following dialog box:

    Cannot open incompatible attachment dialog

    Note:

    To restrict a file type that you permitted in the past, reset (restore) attachment permissions in the Trust Manager Preferences.

Steps for Acrobat Reader DC

In Acrobat Reader, you cannot attach files. To add the existing attachment of the PDF to black or white list, follow the steps below:

  1. Right-click the file in the Attachments pane on the left and choose Open Attachment.

  2. In the Launch Attachment dialog box, select one of the following options, and then click OK:

    Launch attachment dialog

    Open This File:

    Opens the file without changing the registry list.

    Always Allow Opening Files Of This Type:

    Adds the file type to the white list and prevents future warnings.

    Never Allow Opening Files Of This Type:

    Adds the file type to the black list and does not open it. You can possibly attach a file of this type to a PDF, but you can’t open it.

    In case you have attached an executable (.exe) file, .bin, or .bat file, you get the following dialog box:

    Cannot open incompatible attachment dialog

    Note:

    To restrict a file type that you permitted in the past, reset (restore) attachment permissions in the Trust Manager Preferences.

Reset (restore) attachment permissions

Because the list of allowed and disallowed file attachment types can grow over time, you can reset the lists to their original state. This state can sometimes provide the highest level of security.

  1. Choose Edit > Preferences (Windows) or Acrobat / Acrobat Reader > Preferences (Mac OS).

  2. From the Categories on the left, select Trust Manager.

  3. In the PDF File Attachments section, click Restore. The Restore button is available only if you changed the attachment defaults.

Allow attachments to start applications

The Trust Manager lets you control whether non-PDF attachments can start their associated applications.

  1. In the Preferences dialog box, select Trust Manager from the Categories on the left.

  2. Select the option Allow Opening Of Non-PDF File Attachments With External Applications. You must have the external applications to open the files.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy

Choose your region

Selecting a region changes the language and/or content on Adobe.com.

Americas
Brasil
Canada - English
Canada - Français
Latinoamérica
México
United States
Europe, Middle East and Africa
Africa - English
België
Belgique
Belgium - English
Česká republika
Cyprus - English
Danmark
Deutschland
Eesti
España
France
Greece - English
Ireland
Israel - English
Italia
Latvija
Lietuva
Luxembourg - Deutsch
Luxembourg - English
Luxembourg - Français
Magyarország
Malta - English
Middle East and North Africa - English
Nederland
Norge
Österreich
Polska
Portugal
România
Schweiz
Slovenija
Slovensko
Suisse
Suomi
Sverige
Svizzera
Türkiye
United Kingdom
България
Россия
Україна
الشرق الأوسط وشمال أفريقيا - اللغة العربية
ישראל - עברית
Asia - Pacific
Australia
Hong Kong S.A.R. of China
India - English
New Zealand
Southeast Asia (Includes Indonesia, Malaysia, Philippines, Singapore, Thailand, and Vietnam) - English
中国
中國香港特別行政區
台灣地區
日本
한국
Commonwealth of Independent States
Includes Armenia, Azerbaijan, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Tajikistan, Turkmenistan, Ukraine, Uzbekistan