Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Microsoft InfoPath 2013 STIG
DTOO168 - Sending templates with email form
DTOO168 - Sending templates with email form
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
DTOO168 - Sending templates with email form
1 Rule
<GroupDescription></GroupDescription>
Disabling sending form templates with the email forms must be configured.
Medium Severity
<VulnDiscussion>InfoPath allows users to attach form templates when sending email forms. If users are able to open form templates included with email forms, rather than using a cached version that is previously published, an attacker could send a malicious form template with the email form in an attempt to gain access to sensitive information. Note: The form template is only opened directly if the form opens with a restricted security level. Otherwise, the attachment is actually a link to the published location.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>System Administrator</Responsibility><Responsibility>Information Assurance Officer</Responsibility><IAControls></IAControls>