
Disable dynamic caching of the form template in InfoPath eMail forms.


Overview

Finding ID: V-17654
Version: DTOO169 - InfoPath
Rule ID: SV-18804r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
By default, InfoPath 2007 caches form templates when they are attached to a mail item that is recognized as an InfoPath e-mail form. When users fill out forms that open with a restricted security level, InfoPath uses the cached version of the mailed template rather than any published version. To keep users from filling out a published form, an attacker could e-mail an alternate version of the form, which would return the data to the sender as part of a phishing attack and could be used to gain access to confidential information.
STIG: Microsoft InfoPath 2007
Date: 2015-10-02

Details

Check Text ( C-18925r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> InfoPath e-mail forms “Disable dynamic caching of the form template in InfoPath e-mail forms” will be set to “Enabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\12.0\InfoPath\Deployment

Criteria: If the value CacheMailXSN is REG_DWORD = 0, this is not a finding.
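
The registry check above as a PowerShell function (an added example, not part of the STIG text). The function name is hypothetical, and reporting a missing key, a missing value or a non-DWORD type as a finding is an assumption drawn from the criteria, which names only REG_DWORD = 0 as compliant.

```powershell
# Added example: audit the CacheMailXSN policy value named in the Check Text.
function Test-InfoPathMailFormCaching {
    [CmdletBinding()]
    param(
        # Key path and value name are taken from the Check Text.
        [string]$KeyPath   = 'HKCU:\Software\Policies\Microsoft\Office\12.0\InfoPath\Deployment',
        [string]$ValueName = 'CacheMailXSN'
    )

    # Start from "finding" and clear it only when the criteria are met exactly.
    $result = [ordered]@{
        Finding = $true
        Key     = $KeyPath
        Value   = $ValueName
        Kind    = $null
        Data    = $null
        Reason  = $null
    }

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) {
        # Assumption: no policy key means the policy was never applied.
        $result.Reason = 'Policy key does not exist'
    }
    elseif ($key.GetValueNames() -notcontains $ValueName) {
        $result.Reason = 'Value is not set'
    }
    else {
        $result.Kind = $key.GetValueKind($ValueName)
        $result.Data = $key.GetValue($ValueName)
        if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            # A string "0" is not REG_DWORD = 0, so it does not meet the criteria.
            $result.Reason = 'Value is not REG_DWORD'
        }
        elseif ($result.Data -ne 0) {
            $result.Reason = 'Value is not 0'
        }
        else {
            $result.Finding = $false
            $result.Reason  = 'CacheMailXSN is REG_DWORD = 0'
        }
    }
    [pscustomobject]$result
}

Test-InfoPathMailFormCaching
```

HKCU resolves to the hive of the account running the script, so the result applies only to that user.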

Fix Text (F-17552r1_fix)
The policy value for User Configuration -> Administrative Templates -> Microsoft Office InfoPath 2007 -> InfoPath e-mail forms “Disable dynamic caching of the form template in InfoPath e-mail forms” will be set to “Enabled”.