Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-17668 | DTOO170 | SV-53379r1_rule | Medium |
Description |
---|
An attacker might target InfoPath 2003 forms to try and compromise an organization's security. InfoPath 2003 did not write a published location for email forms, which means forms could open without a corresponding published location. By default, InfoPath sends all forms via email using InfoPath email forms integration, including forms created using the InfoPath 2003 file format. |
STIG | Date |
---|---|
Microsoft InfoPath 2013 STIG | 2016-10-28 |
Check Text ( None ) |
---|
None |
Fix Text (F-46303r1_fix) |
---|
Set the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2013 -> InfoPath e-mail forms "Disable sending InfoPath 2003 Forms as e-mail forms" to "Enabled". |