Fatally corrupt files must be blocked from opening.
An XCCDF Rule
Description
<VulnDiscussion>Enabling this setting allows user to open fatally corrupt Publisher 2010 files. As a result, malicious code or users could become active on user computers or the network. For example, a malicious user may purposely corrupt a Publisher file. The corrupted file could force the application to fail or execute malicious code, giving the malicious user control of Publisher 2010. </VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>System Administrator</Responsibility><Responsibility>Information Assurance Officer</Responsibility><IAControls></IAControls>
- ID
- SV-34092r1_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Set the policy value for User Configuration -> Administrative Templates -> Microsoft Publisher 2010 -> Security “Prompt to allow fatally corrupt files to open instead of blocking them” to “Disabled".