Note:
For a full list of articles about security, see Overview of security in Acrobat and PDF content.
Attachments represent a potential security risk because they can contain malicious content, open other dangerous files, or launch applications. Acrobat and Acrobat Reader always let you open and save PDF and FDF file attachments. Acrobat and Acrobat Reader recognize certain files, such as those whose names end in .bin, .exe, and .bat, as threats. You can’t attach such files. Acrobat does allow you to attach files that cannot be saved or opened from Acrobat, such as ZIP files. However, this practice is not recommended.
Acrobat and Acrobat Reader maintain a white list of file types that can be opened or saved, and a black list of file types that cannot. You are allowed to attach file types that are not on either list. However, when you open or save a file of an “unrecognized” type, you see a dialog box asking whether you trust the file type.
For details, see the Application Security Guide at www.adobe.com/go/learn_acr_appsecurity_en.
Administrators can modify the black or white list through the registry. Users can manually add a new file type to a black or white list by attaching the file and then trying to open it.
-
Always Allow Opening Files Of This Type:
Adds the file type to the white list and prevents future warnings.
Never Allow Opening Files Of This Type:
Adds the file type to the black list and does not open it. You can possibly attach a file of this type to a PDF, but you can’t open it.
In case you have attached an executable (.exe) file, .bin, or .bat file, you get the following dialog box:
Note:
To restrict a file type that you permitted in the past, reset (restore) attachment permissions in the Trust Manager Preferences.
In Acrobat Reader, you cannot attach files. To add the existing attachment of the PDF to black or white list, follow the steps below:
-
Always Allow Opening Files Of This Type:
Adds the file type to the white list and prevents future warnings.
Never Allow Opening Files Of This Type:
Adds the file type to the black list and does not open it. You can possibly attach a file of this type to a PDF, but you can’t open it.
In case you have attached an executable (.exe) file, .bin, or .bat file, you get the following dialog box:
Note:
To restrict a file type that you permitted in the past, reset (restore) attachment permissions in the Trust Manager Preferences.
Because the list of allowed and disallowed file attachment types can grow over time, you can reset the lists to their original state. This state can sometimes provide the highest level of security.