UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Data Execution Prevention must be enforced.


Overview

Finding ID Version Rule ID IA Controls Severity
V-26590 DTOO128 - PowerPoint SV-33858r1_rule Medium
Description
Data Execution Prevention (DEP) is a set of hardware and software technologies performing additional checks on memory to help prevent malicious code from running on a system. The primary benefit of DEP is to help prevent code execution from data pages. Enabling this setting, turns off Data Execution Prevention. As a result, malicious code takes advantage of code injection or buffer overflow vulnerabilities possibly exploiting the computer.
STIG Date
Microsoft PowerPoint 2010 STIG 2018-04-05

Details

Check Text ( C-34242r1_chk )
The policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2010 -> PowerPoint Options -> Security -> Trust Center “Turn off Data Execution Prevention” must be set to “Disabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\14.0\powerpoint\security

Criteria: If the value EnableDEP is REG_DWORD = 1, this is not a finding.
Fix Text (F-29936r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2010 -> PowerPoint Options -> Security -> Trust Center “Turn off Data Execution Prevention” to “Disabled”.