Data Execution Prevention must be enforced.


Overview

Finding ID: V-26590
Version: DTOO128 - Word
Rule ID: SV-33859r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. The primary benefit of DEP is to help prevent code execution from data pages. Enabling this setting turns off Data Execution Prevention. As a result, malicious code could take advantage of code injection or buffer overflow vulnerabilities to exploit the computer.
STIG: Microsoft Word 2010
Date: 2014-01-07

Details

Check Text (C-34251r1_chk)
The policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center “Turn off Data Execution Prevention” must be set to “Disabled”.

Procedure: Use the Windows Registry Editor to navigate to the following key:

HKCU\Software\Policies\Microsoft\Office\14.0\word\security

Criteria: If the value EnableDEP is REG_DWORD = 1, this is not a finding.
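
The registry check above can be scripted for the logged-on user. The following PowerShell is an added example, not part of the STIG; the function name Test-WordDepPolicy and its output fields are illustrative, and treating a missing key, a missing value, or a non-DWORD type as a finding is an assumption, since the check text states only the passing condition.

```powershell
# Added example: audit the EnableDEP policy value from the check text.
# Test-WordDepPolicy and the result fields are hypothetical names.
function Test-WordDepPolicy {
    param(
        # Key from the check text. HKCU resolves to the hive of the user running the script.
        [string]$KeyPath   = 'HKCU:\Software\Policies\Microsoft\Office\14.0\word\security',
        [string]$ValueName = 'EnableDEP'
    )

    $result = [ordered]@{
        KeyPath = $KeyPath
        Value   = $null
        Kind    = $null
        Finding = $true      # assume a finding until the passing condition is proven
        Reason  = ''
    }

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) {
        $result.Reason = 'Policy key does not exist'
    }
    elseif ($key.GetValueNames() -notcontains $ValueName) {
        $result.Reason = "$ValueName is not set"
    }
    else {
        $result.Kind  = $key.GetValueKind($ValueName)
        $result.Value = $key.GetValue($ValueName)

        if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            # A REG_SZ "1" would not satisfy the REG_DWORD criterion.
            $result.Reason = "$ValueName is $($result.Kind), expected REG_DWORD"
        }
        elseif ($result.Value -ne 1) {
            $result.Reason = "$ValueName is $($result.Value), expected 1"
        }
        else {
            $result.Finding = $false
            $result.Reason  = "$ValueName is REG_DWORD = 1"
        }
    }

    [pscustomobject]$result
}

Test-WordDepPolicy | Format-List
```

Because the key is under HKCU, the result applies only to the account that runs the script; each user profile on the machine has its own copy of the value.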
Fix Text (F-29945r1_fix)
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Word 2010 -> Word Options -> Security -> Trust Center “Turn off Data Execution Prevention” to “Disabled”.