Adobe Acrobat Pro XI must be configured to block Flash Content.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-75273 | ADBP-XI-000290 | SV-89953r1_rule | Medium |
| Description |
|---|
| Flash has a long history of vulnerabilities. Although Flash is no longer provided with Acrobat, if the system has Flash installed, a malicious PDF could execute code on the system. Configuring Flash to run from a privileged location limits the execution capability of untrusted Flash content that may be embedded in the PDF. |
| STIG | Date |
|---|---|
| Adobe Acrobat Pro XI Security Technical Implementation Guide | 2018-01-03 |
Details
| Check Text ( C-75057r1_chk ) |
|---|
| Verify the following registry configuration: Using the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\11.0\FeatureLockDown Value Name: bEnableFlash Type: REG_DWORD Value: 0 If the value for bEnableFlash is not set to “0” and Type is not configured to REG_DWORD or does not exist, this is a finding. |
| Fix Text (F-81889r2_fix) |
|---|
| Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Adobe Acrobat\11.0\FeatureLockDown Value Name: bEnableFlash Type: REG_DWORD Value: 0 |