DTOO146 - PowerPoint - Trust access for VBA must be disallowed.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

VSTO projects require access to the Visual Basic for Applications project system in Excel, PowerPoint, and Word, even though the projects do not use Visual Basic for Applications. Design-time support of controls in both Visual Basic and C# projects depends on the Visual Basic for Applications project system in Word and Excel. By default, Excel, Word, and PowerPoint do not allow automation clients to have programmatic access to VBA projects. Users can enable this by selecting the Trust access to the VBA project object model in the Macro Settings section of the Trust Center. However, doing so allows macros in any documents the user opens to access the core Visual Basic objects, methods, and properties, which represents a potential security hazard.

Solution

Set the policy value for User Configuration -> Administrative Templates -> Microsoft PowerPoint 2010 -> PowerPoint Options -> Security -> Trust Center 'Trust access to Visual Basic Project' to 'Disabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_PowerPoint_2010_V1R10_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000381, Rule-ID|SV-33605r1_rule, STIG-ID|DTOO146, Vuln-ID|V-17522

Plugin: Windows

Control ID: bbeb27171e8a320cad0e8dfe85ddc74c7c09bbd728e3a73c85ebf9d4d7f5338a