UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Visio 2013 application must be prevented from loading any custom user interface (UI) code.


Overview

Finding ID Version Rule ID IA Controls Severity
V-40743 DTOO305 SV-52801r1_rule Medium
Description
This policy setting controls whether Office 2013 applications load any custom user interface (UI) code included with a document or template. Office 2013 allows developers to extend the UI with customization code that is included in a document or template. If this policy setting is enabled, Office 2013 applications cannot load any UI customization code included with documents and templates. If this policy setting is disabled or not configured, Office 2013 applications load any UI customization code included with a document or template when opening it, leaving the Office 2013 application susceptible to malicious code.
STIG Date
Microsoft Visio 2013 STIG 2013-12-12

Details

Check Text ( C-47130r3_chk )
Verify the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Global Options -> Customize -> "Disable UI extending from documents and templates" is set to "Enabled" and "Disallow in Visio" is checked.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\software\policies\Microsoft\office\15.0\common\toolbars\Visio

Criteria: If the value noextensibilitycustomizationfromdocument is REG_DWORD = 1, this is not a finding.
Fix Text (F-45727r2_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Office 2013 -> Global Options -> Customize -> "Disable UI extending from documents and templates" to "Enabled". Select the policy option for "Disallow in Visio".