An error occurred:

Check: DTOO210 - Word

Microsoft Word 2007: DTOO210 - Word (in versions v4 r15 through v4 r14)

Title

Block opening of pre-release versions of file formats new to Word 2007 through the Compatibility Pack for the 2007 Office system and Word 2007 Open XML/Word 97-2003 Format Converter - System (Cat II impact)

Discussion

The Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats enables users of Microsoft Word 2000, Word 2002, and Office Word 2003 to open files saved in the Office Open XML format used by Word 2007. Word Open XML files usually have the following extensions: • .docx • .docm • .dotx • .dotm • .xml By default, the Compatibility Pack does not open files that were saved in pre-release versions of the new Office Open XML format, which underwent some minor changes prior to the final release of Word 2007. If this configuration is changed, through a registry modification or by some other mechanism, users with the Compatibility Pack installed can open files saved by some pre-release versions of Word, but not by others, which can lead to inconsistent file opening functionality.

Check Content

The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2007 system -> Office 2007 Converters “Block opening of pre-release versions of file formats new to Word 2007 through the Compatibility Pack for the 2007 Office system and Word 2007 Open XML/Word 97-2003 Format Converter” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock Criteria: If the value Word12BetaFilesFromConverters is REG_DWORD = 1, this is not a finding.

Fix Text

The policy value for User Configuration -> Administrative Templates -> Microsoft Office 2007 system -> Office 2007 Converters “Block opening of pre-release versions of file formats new to Word 2007 through the Compatibility Pack for the 2007 Office system and Word 2007 Open XML/Word 97-2003 Format Converter” will be set to “Enabled”.

Additional Identifiers

Rule ID: SV-18564r1_rule

Vulnerability ID: V-17322

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check