Microsoft Security Advisory: Microsoft Office File Validation for Office 2003, 2007 Office, and Office 2010: April 12, 2011

Introduction

Office File Validation (OFV) is a security feature that was introduced in Microsoft Office 2010. Office File Validation verifies that a particular binary file complies with the application’s expectations. Office File Validation can help prevent unknown binary file format attacks against Microsoft Office 97-2003 file formats.

When you open Microsoft Office 97-2003 binary file (such as .doc) the file is compared to a binary schema. If the file fails this validation, you are notified that the document could be considered to be compromised. In Office 2003 and in the 2007 Office system, you are prompted about the file status and can decide to cancel opening the file or to continue to open the file.

More Information

To help protect your computer from risk, we recommend that you do not open files that you receive as email message attachments, especially if the messages arrive unexpectedly. Additionally, do not open files that you receive as attachments if the files are from a person who is unknown to you.

For Enterprise customers visit the following TechNet webpage:

Install Office File Validation

Prerequisites

To install Office File Validation, you must have the following prerequisites:

Install Office File Validation

The following file is available for download from the Microsoft Download Center:

Download Download the Office File Validation package now.

Release Date: April 12, 2011

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Known issues with Office File Validation

  • Files that were created in Microsoft Excel 2.0, Microsoft Excel 3.0, or Microsoft Excel 4.0 will fail validation when you use Office File Validation in Office 2003.
  • Solver.xla will fail validation when you use Office File Validation in Office 2003.
  • When you paste lots of charts or points of data into an Office 2003 document, the paste function may take a long time to complete while Office File Validation tries to validate the new data.
  • Opening files from a network share that have many charts or points of data will take longer to open in Office 2003.

    For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:
    2570623 Excel 2003 Office File Validation (OFV) opens workbooks slower across the network

Default Behavior

When you try to open a Word, Excel, PowerPoint, or Publisher 97-2003 file, and that file fails Office File Validation, you receive the following warning:

Office File Validation detected a problem while trying to open this file. Opening it may be dangerous.



Resolution


For Office 2010

You can manually set the registry entries by using the following values:
Value: DisableEditFromPV
Type: REG_DWORD
Default value: 0
Description: When Office File Validations fails
0 = Enable Edit in Protected View.
1 = Disable Edit in Protected View.
Add the DisableEditFromPV REG_DWORD to any or all the following registry subkeys to disable Edit in Protected View in Office 2010:
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Security\FileValidation
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\PowerPoint\Security\FileValidation
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Security\FileValidation

For the 2007 Microsoft Office system and Office 2003

You can manually set the registry entries by using the following values:

Value: InvalidFileUIOptions
Type: REG_DWORD
Default value: 0
Description: When Office File Validations fails
0 = Notify user file failed. Give user the option to load the file or not
1 = Notify user file failed. No option to load the file.
For the 2007 Microsoft Office system
Add the InvalidFileUIOptions REG_DWORD to any or all the following registry subkeys for Office File Validation in 2007 Microsoft Office system:

HKEY_CURRENT_USER\Software \Microsoft\Office\12.0\Excel\Security\FileValidation
HKEY_CURRENT_USER\Software \Microsoft\Office\12.0\Word\Security\FileValidation
HKEY_CURRENT_USER\Software \Microsoft\Office\12.0\PowerPoint\Security\FileValidation
For Office 2003
Add the InvalidFileUIOptions REG_DWORD to any or all the following registry subkeys for Office File Validation in Office 2003:
HKEY_CURRENT_USER\Software \Microsoft\Office\11.0\Excel\Security\FileValidation
HKEY_CURRENT_USER\Software \Microsoft\Office\11.0\Word\Security\FileValidation
HKEY_CURRENT_USER\Software \Microsoft\Office\11.0\PowerPoint\Security\FileValidation
Properties

Article ID: 2501584 - Last Review: Aug 5, 2016 - Revision: 1

Feedback