Reason for Action

Some risk objects, like macros in MS Office, are easy to understand. However, there are many less obvious risk objects, such as document properties, template name, etc.... These properties allow users to input data, which can pose security risks. Deep CDR provides a "reason for action" for these objects, helping users better understand the associated risks.

Supported reasons:

ActionReason/Concern
Validate Document Properties

Free-form text fields can potentially allow attackers to input data that does not conform to Microsoft schemas.

Reference: Inspection and Sanitization Guide (ISG) for MS Office 2007 section 4.8, 4.9, 4.10

Validate Template Name

There is a possibility that w:attachedTemplate refers to an invalid relationship.

Reference: ISG for MS Office 2007 section 4.5

Remove Smart TagSmart Tags can can executable code Reference: ISG for MS Office 2007 section 4.16
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Troubleshooting sanitization failures
On This Page
Reason for Action