From 45db768096945ce5a17fa64a836761235a0069cb Mon Sep 17 00:00:00 2001
From: decalage2
Date: Wed, 4 Dec 2019 01:04:39 +0100
Subject: [PATCH] olevba: slight bugfix for VBA stomping detection, bumped to 0.55.1
---
 oletools/olevba.py | 10 +++++-----
 setup.py | 2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/oletools/olevba.py b/oletools/olevba.py
index f767208..37dab67 100644
--- a/oletools/olevba.py
+++ b/oletools/olevba.py
@@ -225,7 +225,7 @@ from __future__ import print_function
 # 2019-09-24 PL: - included DridexUrlDecode into olevba (issue #485)
 # 2019-12-03 PL: - added support for SLK files and XLM macros in SLK
-__version__ = '0.55'
+__version__ = '0.55.1'
 #------------------------------------------------------------------------------
 # TODO:
@@ -3570,8 +3570,8 @@ class VBA_Parser(object):
 :return: VBA P-code disassembly
 :rtype: str
 """
- # Only run on OLE files
- if self.type != TYPE_OLE:
+ # Text and SLK files cannot be stomped:
+ if self.type in (TYPE_SLK, TYPE_TEXT):
 self.pcodedmp_output = ''
 return ''
 # only run it once:
@@ -3632,8 +3632,8 @@ class VBA_Parser(object):
 :return: True if VBA stomping detected, False otherwise
 :rtype: bool
 """
- # Only run on OLE files
- if self.type != TYPE_OLE:
+ # Text and SLK files cannot be stomped:
+ if self.type in (TYPE_SLK, TYPE_TEXT):
 self.vba_stomping_detected = False
 return False
 # only run it once:
diff --git a/setup.py b/setup.py
index aafaa49..70ae972 100644
--- a/setup.py
+++ b/setup.py
@@ -52,7 +52,7 @@ import os, fnmatch
 #--- METADATA -----------------------------------------------------------------
 name = "oletools"
-version = '0.55'
+version = '0.55.1'
 desc = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR"
 long_desc = open('oletools/README.rst').read()
 author = "Philippe Lagadec"
--
libgit2 0.21.4
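Review bot: The guard added at the top of the P-code extraction method (hunk at -3570) is a denylist, `if self.type in (TYPE_SLK, TYPE_TEXT):`, so every other value of `self.type`, including any container type added later, now falls through to the code below it, presumably the pcodedmp run, which lies outside the hunk. For a parser that is routinely fed hostile documents, the skip list is better kept in one named, commented place. The same tuple is repeated in the stomping-detection hunk at -3632 and the two copies can drift apart. A module-level constant (name illustrative) such as `NO_PCODE_TYPES = (TYPE_SLK, TYPE_TEXT)  # plain-text formats, no compiled VBA project`, used as `if self.type in NO_PCODE_TYPES:` in both methods, would cover it.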
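Review bot: In the stomping-detection method (hunk at -3632) the early return for `TYPE_SLK` and `TYPE_TEXT` stores `vba_stomping_detected = False`, which a caller cannot tell apart from "P-code and source were compared and matched"; the docstring just above only says "False otherwise". For triage it helps to say so in the docstring, for example `False is also returned, without any comparison, for text and SLK input`. The rest of the method is outside the hunk, so whether other paths also return False without a check cannot be seen here.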