Adobe Reader DC must prevent opening files other than PDF or FDF.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-213174 | SRG-APP-000112 | ARDC-CN-000035 | SV-213174r395811_rule | 2021-06-22 | 2 |
Description
Attachments represent a potential security risk because they can contain malicious content, open other dangerous files, or launch applications. Certainly file types such as .bin, .exe, .bat, and so on will be recognized as threats.
This feature prevents users from opening or launching file types other than PDF or FDF and disables the menu option.
Satisfies: SRG-APP-000112, SRG-APP-000206, SRG-APP-000207, SRG-APP-000209, SRG-APP-000210
ℹ️ Check
Verify the following registry configuration:
Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown
Value Name: iFileAttachmentPerms
Type: REG_DWORD
Value: 1
If the value for iFileAttachmentPerms is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
✔️ Fix
Configure the following registry value:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown
Value Name: iFileAttachmentPerms
Type: REG_DWORD
Value: 1