Opening behavior for EMail forms containing code or scripts must be controlled.

An XCCDF Rule

Description

<VulnDiscussion>InfoPath notifies and prompts users before opening InfoPath e-mail forms that contain code or script. If this restriction is relaxed, InfoPath will open e-mail forms that contain code or script without prompting users, which could allow malicious code to run on the users' computers.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>System Administrator</Responsibility><Responsibility>Information Assurance Officer</Responsibility><IAControls></IAControls>

ID: SV-33627r1_rule
Severity: Medium
References: CCI-002460
Updated: about 1 year ago

Set the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> InfoPath e-mail forms “Control behavior when opening InfoPath e-mail forms containing code or script” to “Enabled (Prompt before running)”.

Opening behavior for EMail forms containing code or scripts must be controlled.

Description

Remediation - Manual Procedure