Attachments represent a potential security risk because they can contain malicious content, open other dangerous files, or launch applications. Acrobat and Reader always let you open and save PDF and FDF file attachments. Acrobat and Reader recognize certain files, such as those whose names end in .bin, .exe, and .bat, as threats. You can’t attach such files. Acrobat does allow you to attach files that cannot be saved or opened from Acrobat, such as ZIP files. However, this practice is not recommended.
Acrobat and Reader maintain a white list of file types that can be opened or saved, and a black list of file types that cannot. You are allowed to attach file types that are not on either list. However, when you open or save a file of an “unrecognized” type, you see a dialog box asking whether you trust the file type.
For details, see the Application Security Guide at www.adobe.com/go/learn_acr_appsecurity_en.
Administrators can modify the black or white list through the registry. Users can manually add a new file type to a black or white list by attaching the file and then trying to open it.
To restrict a file type that you permitted in the past, reset (restore) attachment permissions in the Trust Manager Preferences.
Because the list of allowed and disallowed file attachment types can grow over time, you can reset the lists to their original state. This state can sometimes provide the highest level of security.
The Trust Manager lets you control whether non-PDF attachments can start their associated applications.