The security update that is described in Microsoft Security Advisory MS10-105 lets users and administrators control when and how Microsoft Office programs load images by setting the "Allow List" in the registry.
For more information about Microsoft Security Advisory MS10-105, see the following article in the Microsoft Knowledge Base:
MS10-105: Vulnerability in Microsoft Office could allow for remote code execution
The security update applies to the Microsoft Access, Microsoft Excel, Microsoft FrontPage, Microsoft OneNote, Microsoft PowerPoint, Microsoft Publisher, and Microsoft Word programs that are listed in the "Applies to" section.
By default, the following graphic filters are enabled and do not require a registry subkey change after you apply the security update:
- Bitmap (.bmp)
- Encapsulated PostScript (.eps)
- Graphics Interchange Format (.gif)
- Joint Photographic Experts Group (.jpg, .jpeg)
- Macintosh PICT (.pict)
- Portable Network Graphics (.png)
Latest version numbers for the graphic filters
The following table lists the latest version numbers for the graphic filters together with the Microsoft Office version to which they apply.
Note: This table lists the English file versions only.
|Type||Description||File included in Office 2013||File included in Office 2010||File included in the 2007 Office system||File included in Office 2003||File included in Office XP|
|EPS||EPSIMP32.FLT||No version ||2006.1200.4518.1000||2006.1200.4518.1000||2003.1100.8314.0||2003.1100.8314.0|
|GIF||GIFIMP32.FLT||No version ||2003.1100.8327.0||2003.1100.8327.0|
|JPG||JPEGIM32.FLT||No version ||2003.1100.8327.0||2003.1100.8327.0|
|PICT||PICTIM32.FLT||No version ||2006.1200.4518.1000||2006.1200.4518.1000||2003.1100.8249.0||2003.1100.8249.0|
|PNG||PNG32.FLT||No version ||2003.1100.8329.0||2003.1100.8329.0|
|WPG||WPGIMP32.FLT||No version ||2006.1200.4518.1000||2006.1200.4518.1000||2003.1100.8202.0||2003.1100.8202.0|
How to enable the graphics filter "Allow List"
Warning: This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
The "Allow List" and the enabled graphic filters can be set manually for a single computer or by using a Group Policy setting.
The graphic filters that you need to enable must be added to the following registry subkeys:
For a single computer:
For a single computer that is running a 64-bit operating system:
For a Group Policy setting:
To enable the "Allow List" for graphic filters, the AllowListEnabled value must be set to 1. To disable the "Allow List," the AllowListEnabled value must be set to 0.
Note: If the AllowListEnabled value does not exist, you must create it as a REG_DWORD type.
When the AllowListEnabled value is enabled, you can specify the list of graphic filters to enable by adding the graphic filters as a string value with the name FILTER.FLT (where FILTER.FLT is replaced with the actual name of the filter) together with the version number of the filter. The filter version number must use the following format:
When you set the AllowListEnabled value to 1, the default list of enabled graphic filters is removed. To re-enable the default graphic filters and add the CGMIMP32.FLT graphic filter, you must specify them in the "Allow List."
The following table shows an example of the "Allow List" that contains the default graphic filters together with the CGMIMP32.FLT graphic filter:
|(Default)||REG_SZ||(value not set)|
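
An added example, not Microsoft's code: a PowerShell audit of an "Allow List" for the case described above, where AllowListEnabled is 1 and the default filters were not re-listed. Test-AllowList and Read-AllowListKey are hypothetical names; the subkey path and version strings are placeholders because this page does not show them, and a missing AllowListEnabled value is assumed to behave like 0.

```powershell
# Added example (not Microsoft's code). Audits an "Allow List" for the case where
# AllowListEnabled = 1 and the default graphic filters were not re-listed.

# Default-format filter files named in the version table on this page.
# BMP has no file name on this page, so it is not checked.
$DefaultFilters = 'EPSIMP32.FLT', 'GIFIMP32.FLT', 'JPEGIM32.FLT', 'PICTIM32.FLT', 'PNG32.FLT'

function Read-AllowListKey {
    # $KeyPath: the Allow List subkey for your scope (its path is not shown on this page).
    param([Parameter(Mandatory)][string]$KeyPath)
    $values = @{}
    if (Test-Path -LiteralPath $KeyPath) {
        $key = Get-Item -LiteralPath $KeyPath
        foreach ($name in $key.GetValueNames()) { $values[$name] = $key.GetValue($name) }
    }
    return $values
}

function Test-AllowList {
    param([Parameter(Mandatory)][hashtable]$Values, [string[]]$Defaults = $DefaultFilters)
    # Assumption: a missing AllowListEnabled value behaves like 0 (default filters apply).
    $enabled = $Values.ContainsKey('AllowListEnabled') -and ($Values['AllowListEnabled'] -eq 1)
    $listed  = @($Values.Keys | Where-Object { $_ -like '*.FLT' })
    [pscustomobject]@{
        AllowListEnabled = $enabled
        # Defaults that no longer load because the list is on and they are not in it.
        MissingDefaults  = @(if ($enabled) { $Defaults | Where-Object { $listed -notcontains $_ } })
        # Filters enabled beyond the defaults; each one adds a parser Office will load.
        NonDefault       = @(if ($enabled) { $listed | Where-Object { $Defaults -notcontains $_ } })
        # Entries whose version string is empty.
        NoVersion        = @($listed | Where-Object { [string]::IsNullOrWhiteSpace([string]($Values[$_])) })
    }
}

# Constructed sample: list switched on, two filters entered, versions are placeholders.
$sample = @{
    'AllowListEnabled' = 1
    'GIFIMP32.FLT'     = '<version>'
    'CGMIMP32.FLT'     = ''
}
Test-AllowList -Values $sample | Format-List

# Against a live key:
# Test-AllowList -Values (Read-AllowListKey -KeyPath '<Allow List subkey>')
```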