Check: ARDC-CL-000005
Adobe Acrobat Reader DC Classic Track STIG:
ARDC-CL-000005
(in versions v2 r1 through v1 r1)
Title
Adobe Reader DC must enable Enhanced Security in a Standalone Application. (Cat II impact)
Discussion
PDFs have evolved from static pages to complex documents with features such as interactive forms, multimedia content, scripting, and other capabilities. These features leave PDFs vulnerable to malicious scripts or actions that can damage the computer or steal data. The Enhanced security feature protects the computer against these threats by blocking or selectively permitting actions for trusted locations and files. Enhanced Security determines if a PDF is viewed within a standalone application. A threat to users of Adobe Reader DC is opening a PDF file that contains malicious executable content. Enhanced Security “hardens” the application against risky actions: prevents cross domain access, prohibits script and data injection, blocks stream access to XObjects, silent printing, and execution of high privilege JavaScript. Satisfies: SRG-APP-000112, SRG-APP-000206, SRG-APP-000207, SRG-APP-000209, SRG-APP-000210
Check Content
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\2015\FeatureLockDown Value Name: bEnhancedSecurityStandalone Type: REG_DWORD Value: 1 If the value for bEnhancedSecurityStandalone is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\2015\FeatureLockDown Value Name: bEnhancedSecurityStandalone Type: REG_DWORD Value: 1
Additional Identifiers
Rule ID: SV-213141r557349_rule
Vulnerability ID: V-213141
Group Title: SRG-APP-000112
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001166 |
The information system identifies organization-defined unacceptable mobile code. |
CCI-001169 |
The information system prevents the download of organization-defined unacceptable mobile code. |
CCI-001170 |
The information system prevents the automatic execution of mobile code in organization-defined software applications. |
CCI-001662 |
The information system takes organization-defined corrective action when organization-defined unacceptable mobile code is identified. |
CCI-001695 |
The information system prevents the execution of organization-defined unacceptable mobile code. |