Check: AADC-CN-000290
Adobe Acrobat Professional DC Continuous Track STIG:
AADC-CN-000290
(in version v2 r1)
Title
Adobe Acrobat Pro DC Continuous must be configured to block Flash Content. (Cat II impact)
Discussion
Flash has a long history of vulnerabilities. Although Flash is no longer provided with Acrobat, if the system has Flash installed, a malicious PDF could execute code on the system. Configuring Flash to run from a privileged location limits the execution capability of untrusted Flash content that may be embedded in the PDF.
Check Content
Verify the following registry configuration: Using the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bEnableFlash Type: REG_DWORD Value: 0 If the value for bEnableFlash is not set to “0” and Type is not configured to REG_DWORD or does not exist, this is a finding. Admin Template path: Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > 'Enable Flash' must be set to 'Disabled'.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bEnableFlash Type: REG_DWORD Value: 0 Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > 'Enable Flash' to 'Disabled'.
Additional Identifiers
Rule ID: SV-213122r766526_rule
Vulnerability ID: V-213122
Group Title: SRG-APP-000141
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |