Check: DTOO152 - Excel
Microsoft Excel 2010:
DTOO152 - Excel
(in version v1 r2)
Title
Load pictures from Web pages must be disallowed. (Cat II impact)
Discussion
When users open Web pages in Excel, Excel loads any graphics included in the pages, regardless of whether they were originally created in Excel. Allowing Excel to load graphics created in other programs can make Excel vulnerable to possible future zero-day attacks using graphic files as an attack vector. If such an event occurs, this setting can be used to mitigate the vulnerability.
Check Content
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Excel 2010 -> Excel Options -> Advanced -> Web Options -> General “Load pictures from Web pages not created in Excel” to “Disabled”.
Additional Identifiers
Rule ID: SV-33435r1_rule
Vulnerability ID: V-17751
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |