User Guide Cancel

Attachments as security risks in Acrobat DC and Acrobat Reader DC

  1. Acrobat User Guide
  2. Introduction to Acrobat
    1. Access Acrobat from desktop, mobile, web
    2. What's new in Acrobat
    3. Keyboard shortcuts
    4. System Requirements
  3. Workspace
    1. Workspace basics
    2. Opening and viewing PDFs
      1. Opening PDFs
      2. Navigating PDF pages
      3. Viewing PDF preferences
      4. Adjusting PDF views
      5. Enable thumbnail preview of PDFs
      6. Display PDF in browser
    3. Working with online storage accounts
      1. Access files from Box
      2. Access files from Dropbox
      3. Access files from OneDrive
      4. Access files from SharePoint
      5. Access files from Google Drive
    4. Acrobat and macOS
    5. Acrobat notifications
    6. Grids, guides, and measurements in PDFs
    7. Asian, Cyrillic, and right-to-left text in PDFs
  4. Creating PDFs
    1. Overview of PDF creation
    2. Create PDFs with Acrobat
    3. Create PDFs with PDFMaker
    4. Using the Adobe PDF printer
    5. Converting web pages to PDF
    6. Creating PDFs with Acrobat Distiller
    7. Adobe PDF conversion settings
    8. PDF fonts
  5. Editing PDFs
    1. Edit text in PDFs
    2. Edit images or objects in a PDF
    3. Rotate, move, delete, and renumber PDF pages
    4. Edit scanned PDFs
    5. Enhance document photos captured using a mobile camera
    6. Optimizing PDFs
    7. PDF properties and metadata
    8. Links and attachments in PDFs
    9. PDF layers
    10. Page thumbnails and bookmarks in PDFs
    11. Action Wizard (Acrobat Pro)
    12. PDFs converted to web pages
    13. Setting up PDFs for a presentation
    14. PDF articles
    15. Geospatial PDFs
    16. Applying actions and scripts to PDFs
    17. Change the default font for adding text
    18. Delete pages from a PDF
  6. Scan and OCR
    1. Scan documents to PDF
    2. Enhance document photos
    3. Troubleshoot scanner issues when scanning using Acrobat
  7. Forms
    1. PDF forms basics
    2. Create a form from scratch in Acrobat
    3. Create and distribute PDF forms
    4. Fill in PDF forms
    5. PDF form field properties
    6. Fill and sign PDF forms
    7. Setting action buttons in PDF forms
    8. Publishing interactive PDF web forms
    9. PDF form field basics
    10. PDF barcode form fields
    11. Collect and manage PDF form data
    12. About forms tracker
    13. PDF forms help
    14. Send PDF forms to recipients using email or an internal server
  8. Combining files
    1. Combine or merge files into single PDF
    2. Rotate, move, delete, and renumber PDF pages
    3. Add headers, footers, and Bates numbering to PDFs
    4. Crop PDF pages
    5. Add watermarks to PDFs
    6. Add backgrounds to PDFs
    7. Working with component files in a PDF Portfolio
    8. Publish and share PDF Portfolios
    9. Overview of PDF Portfolios
    10. Create and customize PDF Portfolios
  9. Sharing, reviews, and commenting
    1. Share and track PDFs online
    2. Mark up text with edits
    3. Preparing for a PDF review
    4. Starting a PDF review
    5. Hosting shared reviews on SharePoint or Office 365 sites
    6. Participating in a PDF review
    7. Add comments to PDFs
    8. Adding a stamp to a PDF
    9. Approval workflows
    10. Managing comments | view, reply, print
    11. Importing and exporting comments
    12. Tracking and managing PDF reviews
  10. Saving and exporting PDFs
    1. Saving PDFs
    2. Convert PDF to Word
    3. Convert PDF to JPG
    4. Convert or export PDFs to other file formats
    5. File format options for PDF export
    6. Reusing PDF content
  11. Security
    1. Enhanced security setting for PDFs
    2. Securing PDFs with passwords
    3. Manage Digital IDs
    4. Securing PDFs with certificates
    5. Opening secured PDFs
    6. Removing sensitive content from PDFs
    7. Setting up security policies for PDFs
    8. Choosing a security method for PDFs
    9. Security warnings when a PDF opens
    10. Securing PDFs with Adobe Experience Manager
    11. Protected View feature for PDFs
    12. Overview of security in Acrobat and PDFs
    13. JavaScripts in PDFs as a security risk
    14. Attachments as security risks
    15. Allow or block links in PDFs
  12. Electronic signatures
    1. Sign PDF documents
    2. Capture your signature on mobile and use it everywhere
    3. Send documents for e-signatures
    4. About certificate signatures
    5. Certificate-based signatures
    6. Validating digital signatures
    7. Adobe Approved Trust List
    8. Manage trusted identities
  13. Printing
    1. Basic PDF printing tasks
    2. Print Booklets and PDF Portfolios
    3. Advanced PDF print settings
    4. Print to PDF
    5. Printing color PDFs (Acrobat Pro)
    6. Printing PDFs in custom sizes
  14. Accessibility, tags, and reflow
    1. Create and verify PDF accessibility
    2. Accessibility features in PDFs
    3. Reading Order tool for PDFs
    4. Reading PDFs with reflow and accessibility features
    5. Edit document structure with the Content and Tags panels
    6. Creating accessible PDFs
  15. Searching and indexing
    1. Creating PDF indexes
    2. Searching PDFs
  16. Multimedia and 3D models
    1. Add audio, video, and interactive objects to PDFs
    2. Adding 3D models to PDFs (Acrobat Pro)
    3. Displaying 3D models in PDFs
    4. Interacting with 3D models
    5. Measuring 3D objects in PDFs
    6. Setting 3D views in PDFs
    7. Enable 3D content in PDF
    8. Adding multimedia to PDFs
    9. Commenting on 3D designs in PDFs
    10. Playing video, audio, and multimedia formats in PDFs
    11. Add comments to videos
  17. Print production tools (Acrobat Pro)
    1. Print production tools overview
    2. Printer marks and hairlines
    3. Previewing output
    4. Transparency flattening
    5. Color conversion and ink management
    6. Trapping color
  18. Preflight (Acrobat Pro)
    1. PDF/X-, PDF/A-, and PDF/E-compliant files
    2. Preflight profiles
    3. Advanced preflight inspections
    4. Preflight reports
    5. Viewing preflight results, objects, and resources
    6. Output intents in PDFs
    7. Correcting problem areas with the Preflight tool
    8. Automating document analysis with droplets or preflight actions
    9. Analyzing documents with the Preflight tool
    10. Additional checks in the Preflight tool
    11. Preflight libraries
    12. Preflight variables
  19. Color management
    1. Keeping colors consistent
    2. Color settings
    3. Color-managing documents
    4. Working with color profiles
    5. Understanding color management
Note:

For a full list of articles about security, see Overview of security in Acrobat and PDF content.

Attachments represent a potential security risk because they can contain malicious content, open other dangerous files, or launch applications. Acrobat and Acrobat Reader always let you open and save PDF and FDF file attachments. Acrobat and Acrobat Reader recognize certain files, such as those whose names end in .bin, .exe, and .bat, as threats. You can’t attach such files. Acrobat does allow you to attach files that cannot be saved or opened from Acrobat, such as ZIP files. However, this practice is not recommended.

Acrobat and Acrobat Reader maintain a white list of file types that can be opened or saved, and a black list of file types that cannot. You are allowed to attach file types that are not on either list. However, when you open or save a file of an “unrecognized” type, you see a dialog box asking whether you trust the file type.

For details, see the Application Security Guide at www.adobe.com/go/learn_acr_appsecurity_en.

Manually add a file type to a black or white list

Administrators can modify the black or white list through the registry. Users can manually add a new file type to a black or white list by attaching the file and then trying to open it.

  1. Choose Tools > Edit PDF > More Attach A File.

  2. Add a file type that is not in the black or white list.

    If you attach an executable (.exe) file, .bin, or .bat file, you get the following warning dialog:

  3. Right-click the file in the Attachments pane on the left and choose Open Attachment.

  4. In the Launch Attachment dialog box, select one of the following options, and then click OK:

    Launch attachment dialog

    Open This File:

    Opens the file without changing the registry list.

    Always Allow Opening Files Of This Type:

    Adds the file type to the white list and prevents future warnings.

    Never Allow Opening Files Of This Type:

    Adds the file type to the black list and does not open it. You can possibly attach a file of this type to a PDF, but you can’t open it.

    In case you have attached an executable (.exe) file, .bin, or .bat file, you get the following dialog box:

    Note:

    To restrict a file type that you permitted in the past, reset (restore) attachment permissions in the Trust Manager Preferences.

In Acrobat Reader, you cannot attach files. To add the existing attachment of the PDF to black or white list, follow the steps below:

  1. Right-click the file in the Attachments pane on the left and choose Open Attachment.

  2. In the Launch Attachment dialog box, select one of the following options, and then click OK:

    Launch attachment dialog

    Open This File:

    Opens the file without changing the registry list.

    Always Allow Opening Files Of This Type:

    Adds the file type to the white list and prevents future warnings.

    Never Allow Opening Files Of This Type:

    Adds the file type to the black list and does not open it. You can possibly attach a file of this type to a PDF, but you can’t open it.

    In case you have attached an executable (.exe) file, .bin, or .bat file, you get the following dialog box:

    Note:

    To restrict a file type that you permitted in the past, reset (restore) attachment permissions in the Trust Manager Preferences.

Reset (restore) attachment permissions

Because the list of allowed and disallowed file attachment types can grow over time, you can reset the lists to their original state. This state can sometimes provide the highest level of security.

  1. Choose Edit > Preferences (Windows) or Acrobat / Acrobat Reader > Preferences (Mac OS).

  2. From the Categories on the left, select Trust Manager.

  3. In the PDF File Attachments section, click Restore. The Restore button is available only if you changed the attachment defaults.

Allow attachments to start applications

The Trust Manager lets you control whether non-PDF attachments can start their associated applications.

  1. In the Preferences dialog box, select Trust Manager from the Categories on the left.

  2. Select the option Allow Opening Of Non-PDF File Attachments With External Applications. You must have the external applications to open the files.

Adobe logo

Sign in to your account