Check: DTOO170 - InfoPath
Microsoft InfoPath 2010 STIG:
DTOO170 - InfoPath
(in version v1 r2)
Title
InfoPath 2003 forms as email forms in InfoPath 2010 must be disallowed. (Cat II impact)
Discussion
An attacker might target InfoPath 2003 forms to try and compromise an organization's security. InfoPath 2003 did not write a published location for e-mail forms, which means forms could open without a corresponding published location. By default, InfoPath sends all forms via e-mail using InfoPath e-mail forms integration, including forms created using the InfoPath 2003 file format.
Check Content
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> InfoPath e-mail forms “Disable sending InfoPath 2003 Forms as e-mail forms” to “Enabled”.
Additional Identifiers
Rule ID: SV-33646r1_rule
Vulnerability ID: V-17668
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |