Dynamic caching of InfoPath eMail forms must be disabled.
An XCCDF Rule
Description
InfoPath caches form templates when they are attached to a mail item recognized as an InfoPath e-mail form. When users fill out forms running with a restricted security level, InfoPath uses the cached version of the mailed template, rather than any published version. To circumvent users filling out a published form, an attacker could e-mail an alternate version of the form, which would return the data to the sender as part of a phishing attack and could be used to gain access to confidential information.
| Property | Value |
|---|---|
| Responsibility | System Administrator |
- ID
- SV-33629r1_rule
- Version
- DTOO169 - InfoPath
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Set the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> InfoPath e-mail forms “Disable dynamic caching of the form template in InfoPath e-mail forms” to “Enabled”.