[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253741

 
 

909

 
 

197391

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-116-4

Platform: office2k7Date: (C)2010-04-28   (M)2022-10-10



The "Disable VBA for Office applications" setting should be configured correctly.


Parameter:

(1) enabled/disabled


Technical Mechanism:

(1) 2007: GPO Settings:Computer Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office 2007 System / Security Settings (2) Registry keys: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Office\12.0\Common\VbaOff 2003: (3) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Disable VBA for Office applications (4) HKLM\Software\Policies\Microsoft\Office\11.0\Common - VbaOff (5) User Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Disable VBA for Office applications (6) HKCU\Software\Policies\Microsoft\Office\11.0\Common - VbaOff

CCSS Severity:CCSS Metrics:
CCSS Score : Attack Vector:
Exploit Score: Attack Complexity:
Impact Score: Privileges Required:
Severity: User Interaction:
Vector: Scope:
 Confidentiality:
 Integrity:
 Availability:
  

References:
Resource IdReference
Old v4 CCE IDCCE-116
Microsoft Office 2007 Threats and Countermeasures guide Beta releaseTable 1.124. Disable VBA for Office applications, Table 2.5. Disable VBA for Office applications
Microsoft Office 2007 Recommendations (Security Settings for Office 2007 Applications.xlsx)User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable VBA for Office applications, Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\Disable VBA for Office applications
NIST SCAP Microsoft Office 2007 OVAL (SCAP-Office2007-OVAL-Beta-v1.xml)oval:org.mitre.oval:def:771
NIST SCAP Microsoft Office 2007 XCCDF (SCAP-Office2007-XCCDF-Beta-v1.xml )DisableVBAForOfficeApplications
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:11290
HIPAA/HITECH ActHIPAA/HITECH Act
Jericho ForumJericho Forum
BITS Shared Assessments SIG v6.0BITS Shared Assessments SIG v6.0
FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL--FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL--
ISO/IEC 27001-2005ISO/IEC 27001-2005
COBIT 4.1COBIT 4.1
GAPP (Aug 2009)GAPP (Aug 2009)
NERC CIPNERC CIP
NIST SP800-53 R3NIST SP800-53 R3 CM-5
NIST SP800-53 R3NIST SP800-53 R3 CM-6
PCIDSS v2.0PCIDSS v2.0
FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL--FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL--
BITS Shared Assessments AUP v5.0BITS Shared Assessments AUP v5.0
CPE    1
cpe:/a:microsoft:office:2007
OVAL    1
oval:org.secpod.oval:def:11290

© SecPod Technologies