Details
Flash has a long history of vulnerabilities. Although Flash is no longer provided with Acrobat, if the system has Flash installed, a malicious PDF could execute code on the system. Configuring Flash to run from a privileged location limits the execution capability of untrusted Flash content that may be embedded in the PDF.
Solution
Configure the following registry value:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown
Value Name: bEnableFlash
Type: REG_DWORD
Value: 0
Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > ‘Enable Flash’ to ‘Disabled’.
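One way to audit and set this value from PowerShell, as an added example that is not part of the STIG text. The function names `Test-AcrobatFlashDisabled` and `Set-AcrobatFlashDisabled` are hypothetical; the path, value name, type and data are the ones listed above.

```powershell
# Added example (not from the STIG). Function names are hypothetical.
$Path = 'HKLM:\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown'
$Name = 'bEnableFlash'
$Want = 0

function Test-AcrobatFlashDisabled {
    # Report whether the policy value exists, is a REG_DWORD, and equals 0.
    $result = [pscustomobject]@{ Compliant = $false; Current = $null; Reason = '' }

    if (-not (Test-Path -Path $Path)) {
        $result.Reason = 'FeatureLockDown key is missing'
        return $result
    }

    $key = Get-Item -Path $Path
    if ($key.GetValueNames() -notcontains $Name) {
        $result.Reason = "$Name is not set"
        return $result
    }

    # A string "0" or a QWORD would not match the required REG_DWORD type.
    $kind = $key.GetValueKind($Name)
    $result.Current = $key.GetValue($Name)
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        $result.Reason = "$Name has type $kind, expected DWord"
        return $result
    }

    if ($result.Current -ne $Want) {
        $result.Reason = "$Name is $($result.Current), expected $Want"
        return $result
    }

    $result.Compliant = $true
    $result.Reason = 'Flash is disabled by policy'
    return $result
}

function Set-AcrobatFlashDisabled {
    # Create the key if needed, then write the value as REG_DWORD 0.
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Want -Force | Out-Null
}

Test-AcrobatFlashDisabled
```

Writing under HKEY_LOCAL_MACHINE requires an elevated session, so run `Set-AcrobatFlashDisabled` as an administrator and re-run the test afterwards.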
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Windows.
References
- 800-53|CM-7a.
- CAT|II
- CCI|CCI-000381
- Rule-ID|SV-213122r766526_rule
- STIG-ID|AADC-CN-000290
- STIG-Legacy|SV-94075
- STIG-Legacy|V-79369
- Vuln-ID|V-213122