Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Enable the Restriction on adding custom code to InfoPath forms.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-17582 | DTOO175 - InfoPath | SV-18703r1_rule | ECSC-1 | Medium |
| Description |
|---|
| By default, users can design new InfoPath 2007 forms that use custom code to add interactivity and other functionality to forms. Designers can add managed code written in C# and Visual Basic .NET, as well as scripts written in Jscript and VBScript. An inexperienced or malicious user could design a form with dangerous code that harms users' computers or puts sensitive data at risk. |
| STIG | Date |
|---|---|
| Microsoft InfoPath 2007 | 2015-10-02 |
Details
| Check Text ( C-18883r1_chk ) |
|---|
| The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> Restricted Features “Custom code” will be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\12.0\InfoPath\Designer\RestrictedFeatures Criteria: If the value CodeAllowed is REG_DWORD = 0, this is not a finding. |
| Fix Text (F-17501r1_fix) |
|---|
| The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> Restricted Features “Custom code” will be set to “Enabled”. |