UCF STIG Viewer Logo

Enable the Restriction on adding custom code to InfoPath forms.


Overview

Finding ID Version Rule ID IA Controls Severity
V-17582 DTOO175 - InfoPath SV-18703r1_rule ECSC-1 Medium
Description
By default, users can design new InfoPath 2007 forms that use custom code to add interactivity and other functionality to forms. Designers can add managed code written in C# and Visual Basic .NET, as well as scripts written in Jscript and VBScript. An inexperienced or malicious user could design a form with dangerous code that harms users' computers or puts sensitive data at risk.
STIG Date
Microsoft InfoPath 2007 2015-10-02

Details

Check Text ( C-18883r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> Restricted Features “Custom code” will be set to “Enabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\12.0\InfoPath\Designer\RestrictedFeatures

Criteria: If the value CodeAllowed is REG_DWORD = 0, this is not a finding.
Fix Text (F-17501r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> Restricted Features “Custom code” will be set to “Enabled”.