Check: DTOO001
microsoft outlook 2003:
DTOO001
(in version v4 r4)
Title
The Macro Security Level option in Office 2000, XP (2002), or 2003 applications is not set to Medium, High, or Very High. (Cat II impact)
Discussion
The security level controls the action of macros. Macros can be embedded into documents to be executed at the time the document is opened. This can potentially intitiate a malicious action.
Check Content
Procedure: This check must be performed once for each Office 2000 application, once for each Office XP application, and once for each Office 2003 application: a) Start the MS Word application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option. b) Start the MS Excel application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option. c) Start the MS PowerPoint application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option. d) Start the MS Outlook application. On the Tools menu, select the Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. On the Security Level tab, determine the value of the Security Level option. Criteria: If the Security Level option specifies a value other than Very High, High or Medium in any application, then this is a Finding.
Fix Text
For each Office 2000/Office XP/Office2003 application, perform the check once. Start the application and on the Tools menu, select the Macro item. On the Macro menu, select the Security... item. On the Security window, select the Security Level tab. On the Security Level tab, change the value of the Security Level option so that it specifies Very High, High, or Medium.
Additional Identifiers
Rule ID: SV-6396r1_rule
Vulnerability ID: V-6326
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |