| V-17187 | Medium | Disable Trust Bar Notification for unsigned application add-ins - Excel | By default, if an application is configured to require that all add-ins be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will... |
| V-17184 | Medium | Block pop-ups for links that invoke instances of IE from within Excel | The Pop-up Blocker feature in Internet Explorer can be used to block most unwanted pop-up and pop-under windows from appearing. This functionality can be controlled separately for instances of... |
| V-17183 | Medium | Block navigation to URL embedded in Office products to protect against attack by malformed URL. | To protect users from attacks, Internet Explorer usually does not attempt to load malformed URLs. This functionality can be controlled separately for instances of Internet Explorer spawned by 2007... |
| V-17744 | Medium | AutoRepublish Warning Alert should be enabled - Excel | AutoRepublish is a feature in Excel 2007 that allows workbooks to be automatically republished to the World Wide Web each time the workbook is saved. A number of changes might need to be made to... |
| V-17621 | Medium | Force file extension to match file type created - Excel | Excel 2007 can load files with extensions that do not match the files' type. For example, if a comma-separated values (CSV) file named example.csv is renamed example.xls, Excel can properly load... |
| V-17521 | Medium | Save files default format as backward compatible, not as XML. | By default, Excel 2007 saves new workbooks in the Office Open XML format with an .xlsx extension. For users who run Excel 2000 with Service Pack 3, Excel 2002 with Service Pack 3, and Excel 2003... |
| V-17520 | Medium | Disable settings for content and add-ins that "Allow trusted locations not on computer" that might bypass more stringent security checks. | By default, files located in trusted locations and specified in the Trust Center are assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with minimal security... |
| V-17522 | Medium | Disable Trust access for VBA into Excel, Word, and PowerPoint. | VSTO projects require access to the Visual Basic for Applications project system in Excel 2007, PowerPoint 2007, and Word 2007, even though the projects do not use Visual Basic for Applications.... |
| V-17173 | Medium | Disable user name and password syntax from being used in URLs | The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:password@example.com. A malicious user might use this URL syntax to... |
| V-17174 | Medium | Bind to Object - Excel | Internet Explorer performs a number of safety checks before initializing an ActiveX control. It will not initialize a control if the kill bit for the control is set in the registry, or if the... |
| V-17175 | Medium | Evaluate Saved from URL mark when launched from Excel | Typically, when Internet Explorer loads a Web page from a UNC share that contains a Mark of the Web (MOTW) comment that indicates the page was saved from a site on the Internet, Internet Explorer... |
| V-17545 | Medium | Enable Warning Bar settings for VBA macros contained in Excel Files. | By default, when users open files in the specified applications that contain VBA macros, the applications open the files with the macros disabled and display the Trust Bar with a warning that... |
| V-17503 | Medium | Disable feature that would block older version of office products from saving files to open XML formats. | The Office Open XML format file types introduced in the 2007 Microsoft Office release offer a number of benefits compared with the previous binary file types supported in Office 2003, including... |
| V-17804 | Medium | Store macro in Personal macro Workbook by default - Excel. | The Record Macro dialog box includes a drop-down menu that allows users to choose whether to store the new macro in the current workbook, a new workbook, or their personal macro workbook... |
| V-17751 | Medium | Do not Load pictures from web pates not created in Excel | By default, when users open Web pages in Excel 2007, Excel loads any graphics that are included in the pages, regardless of whether they were originally created in Excel. Allowing Excel to load... |
| V-17322 | Medium | Block opening of pre-release versions of file formats new to Excel 2007 through the Compatibility Pack for the 2007 Office system and Excel 2007 Converter - System | The Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats enables users of Microsoft Word 2000, Word 2002, and Office Word 2003 to open files saved in the Office... |
| V-17652 | Medium | Disable the automatic republish to web pages for Excel documents having that link. | If users choose to publish Excel data to a static Web page and enable the AutoRepublish feature, Excel 2007 saves a copy of the data to the Web page every time the user saves the workbook. If the... |
| V-17732 | Medium | Ask user to update automatic links instead of automatically updating spreadsheet - Excel. | If an Excel 2007 workbook contains links to other documents and users are not prompted to approve them, the contents of the workbook might change without the users' knowledge because the linked... |
| V-17650 | Medium | Create configuration to prevent Internet links and Network UNCs from being created as embedded hyperlinks. | By default, when users type a string of characters that Excel 2007 recognizes as a Uniform Resource Locator (URL) or Uniform Naming Convention (UNC) path to a resource on the Internet or a local... |
| V-17518 | Medium | Block opening of "open XML" format files created by pre-release versions of Excel. | By default, users can open files that were saved in pre-release versions of the new Office Open XML format, which underwent some minor changes prior to the final release of Office 2007. Excel Open... |
| V-17519 | Medium | Block Opening of "Open XML" file types to prevent them automatically executing code. | The Office Open XML format file types introduced in the 2007 Microsoft Office release offer a number of benefits compared to the previous binary file types supported in Office 2003, including the... |
| V-17473 | Medium | Determine whether to force encrypted macros to be scanned in open XML workbooks. | When an Office Open XML document (Word, Excel, Powerpoint) is rights-managed or password-protected, any macros that are embedded in the document are encrypted along with the rest of the contents. ... |
| V-17471 | Medium | Disable all Trusted Locations. | Trusted locations specified in the Trust Center are used to define file locations that are assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with a minimal... |
| V-17796 | Medium | Do not save additional data needed to maintain formulas - Excel. | Microsoft Office Web Components (OWC) is a collection of Component Object Model (COM) controls used by earlier versions of Microsoft Office for publishing spreadsheets, charts, and databases to... |
