From Microsoft InfoPath 2010 STIG
Part of DTOO169 - Disable dynamic caching / form template
Associated with: CCI-001170
InfoPath caches form templates when they are attached to a mail item recognized as an InfoPath e-mail form. When users fill out forms running with a restricted security level, InfoPath uses the cached version of the mailed template, rather than any published version. To circumvent users filling out a published form, an attacker could e-mail an alternate version of the form, which would return the data to the sender as part of a phishing attack and could be used to gain access to confidential information.
The policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> InfoPath e-mail forms “Disable dynamic caching of the form template in InfoPath e-mail forms” must be set to “Enabled”. Procedure: Use the Windows Registry Editor to navigate to the following key: HKCU\Software\Policies\Microsoft\Office\14.0\infopath\deployment Criteria: If the value CacheMailXSN is REG_DWORD = 0, this is not a finding.
Set the policy value for User Configuration -> Administrative Templates -> Microsoft InfoPath 2010 -> InfoPath e-mail forms “Disable dynamic caching of the form template in InfoPath e-mail forms” to “Enabled”.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer