Check: DTOO119 - PowerPoint
Microsoft PowerPoint 2010 STIG:
DTOO119 - PowerPoint
(in versions v1 r10 through v1 r9)
Title
Configuration for file validation must be enforced. (Cat II impact)
Discussion
Office Binary Documents (97-2003) are checked to see if they conform against the file format schema before they are opened.
Check Content
The policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2010 -> PowerPoint Options -> Security “Turn off file validation” must be set to “Disabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\powerpoint\security\filevalidation Criteria: If the value EnableOnLoad is REG_DWORD = 1, this is not a finding.
Fix Text
Set the policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2010 -> PowerPoint Options -> Security “Turn off file validation” to “Disabled”.
Additional Identifiers
Rule ID: SV-33935r1_rule
Vulnerability ID: V-26592
Group Title: DTOO119 - Turn off file validation
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001695 |
The information system prevents the execution of organization-defined unacceptable mobile code. |
Controls
Number | Title |
---|---|
SC-18 (3) |
Prevent Downloading / Execution |