Microsoft PowerPoint 2007

Details

Version / Release: V4R14

Published: 2015-03-31

Updated At: 2018-09-23 04:12:18

Compare/View Releases

Select any two versions of this STIG to compare the individual requirements

Select any old version/release of this STIG to view the previous requirements

Actions

Download

Filter


Findings
Severity Open Not Reviewed Not Applicable Not a Finding
Overall 0 0 0 0
Low 0 0 0 0
Medium 0 0 0 0
High 0 0 0 0
Drop CKL or SCAP (XCCDF) results here.

    Vuln Rule Version CCI Severity Title Description Status Finding Details Comments
    SV-18179r1_rule DTOO104 - PowerPoint MEDIUM Disable user name and password syntax from being used in URLs The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form http://username:[email protected] A malicious user might use this URL syntax to create a hyperlink that appears to open a legitimate Web s
    SV-18186r1_rule DTOO111 - PowerPoint MEDIUM Enable IE Bind to Object functionality for instances of IE launched from PowerPoint. Internet Explorer performs a number of safety checks before initializing an ActiveX control. It will not initialize a control if the kill bit for the control is set in the registry, or if the security settings for the zone in which the control is located
    SV-18201r1_rule DTOO117 - PowerPoint MEDIUM Evaluate Saved from URL mark when launched from PowerPoint Typically, when Internet Explorer loads a Web page from a UNC share that contains a Mark of the Web (MOTW) comment that indicates the page was saved from a site on the Internet, Internet Explorer runs the page in the Internet security zone instead of the
    SV-18208r1_rule DTOO123 - PowerPoint MEDIUM Block navigation to URL embedded in Office products to protect against attack by malformed URL. To protect users from attacks, Internet Explorer usually does not attempt to load malformed URLs. This functionality can be controlled separately for instances of Internet Explorer spawned by 2007 Office applications (for example, if a user clicks a link
    SV-18211r1_rule DTOO129 - PowerPoint MEDIUM Block pop-ups for links that invoke instances of IE from within PowerPoint. The Pop-up Blocker feature in Internet Explorer can be used to block most unwanted pop-up and pop-under windows from appearing. This functionality can be controlled separately for instances of Internet Explorer spawned by 2007 Office applications (for exa
    SV-18222r1_rule DTOO131 - PowerPoint MEDIUM Disable Trust Bar Notification for unsigned application add-ins -PowerPoint By default, if an application is configured to require that all add-ins be signed by a trusted publisher, any unsigned add-ins the application loads will be disabled and the application will display the Trust Bar at the top of the active window. The Trust
    SV-18562r1_rule DTOO210 - Powerpoint MEDIUM Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compatibility Pack for the 2007 Office system and PowerPoint 2007 Converter - System The Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats enables users of Microsoft Word 2000, Word 2002, and Office Word 2003 to open files saved in the Office Open XML format used by Word 2007. Word Open XML files usuall
    SV-18530r1_rule DTOO133 - Powerpoint MEDIUM Disable all Trusted Locations. Trusted locations specified in the Trust Center are used to define file locations that are assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with a minimal amount of security, without prompting the users for permiss
    SV-18535r1_rule DTOO142 - Powerpoint MEDIUM Determine whether to force encrypted macros to be scanned in open XML presentations. When an Office Open XML document (Word, Excel, Powerpoint) is rights-managed or password-protected, any macros that are embedded in the document are encrypted along with the rest of the contents. By default, these encrypted macros will be disabled unles
    SV-18575r1_rule DTOO155 - PowerPoint MEDIUM Disable feature that would block older version of office products from saving files to open XML formats. The Office Open XML format file types introduced in the 2007 Microsoft Office release offer a number of benefits compared with the previous binary file types supported in Office 2003, including the potential to reduce the effects of malicious code. Files
    SV-18590r1_rule DTOO153 - PowerPoint MEDIUM Block opening of "open XML" format files created by pre-release versions of PowerPoint By default, users can open files that were saved in pre-release versions of the new Office Open XML format, which underwent some minor changes prior to the final release of Office 2007. Open XML files usually have the following extensions: • .xlsb • .
    SV-18594r1_rule DTOO154 - PowerPoint MEDIUM Block Opening of "Open XML" file types to prevent them automatically executing code. The Office Open XML format file types introduced in the 2007 Microsoft Office release offer a number of benefits compared to the previous binary file types supported in Office 2003, including the potential to reduce the effects of malicious code. Files ca
    SV-18599r1_rule DTOO134 - PowerPoint MEDIUM Disable settings for content and add-ins that "Allow trusted locations not on computer" that might bypass more stringent security checks. By default, files located in trusted locations and specified in the Trust Center are assumed to be safe. Content, code, and add-ins are allowed to load from trusted locations with minimal security and without prompting the user for permission. By default,
    SV-18607r1_rule DTOO139 - PowerPoint MEDIUM Save files default format as backward compatible, not as XML. By default, Office 2007 producst save new workbooks in the Office Open XML format. For users who run prior versions of Office products, Microsoft offers the Microsoft Office Compatibility Pack, which enables these versions to open and save open XML format
    SV-18611r2_rule DTOO146 - PowerPoint MEDIUM Disable Trust access for VBA into Excel, Word, and PowerPoint. VSTO projects require access to the Visual Basic for Applications project system in Excel 2007, PowerPoint 2007, and Word 2007, even though the projects do not use Visual Basic for Applications. Design-time support of controls in both Visual Basic and C#
    SV-18639r1_rule DTOO304 - PowerPoint MEDIUM Enable Warning Bar settings for VBA macros contained in PowerPoint Files. By default, when users open files in the specified applications that contain VBA macros, the applications open the files with the macros disabled and display the Trust Bar with a warning that macros are present and have been disabled. Users can inspect an
    SV-18665r1_rule DTOO299 - PowerPoint MEDIUM Block PowerPoint from automatically opening converters to view older PowerPoint presentations. PowerPoint 2007 requires the use of a conversion tool to open presentations saved in versions of PowerPoint older than PowerPoint 97, such as PowerPoint 95, PowerPoint 4.0, and others. If a vulnerability is discovered that affects these kinds of files, yo
    SV-18943r1_rule DTOO290 - PowerPoint MEDIUM Make hidden markup invisible - PowerPoint PowerPoint presentations that are saved in standard or HTML format can contain a flag indicating whether markup (comments or ink annotations) in the presentation should be visible when the presentation is open. By default, PowerPoint 2007 ignores this fla
    SV-19007r1_rule DTOO289 - PowerPoint MEDIUM Disable the ability to run programs from a PowerPoint presentation. Action buttons can be used to launch external programs from PowerPoint 2007 presentations. If a malicious person adds an action button to a presentation that launches a dangerous program, it could significantly affect the security of a user's computer and
    SV-19044r1_rule DTOO291 - PowerPoint MEDIUM Disable the feature to "unblock automatic download of linked images" in PowerPoint. When users insert images into PowerPoint 2007 presentations, they can select Link to File instead of Insert. If they do so, the image is represented by a link to a file on disk instead of being embedded in the presentation file itself. By default, when Po