Commit 734446fbe73a4eebeb01c6516194ff51417a35f7
Committed by
GitHub
Merge pull request #393 from halos/master
Added detection for Equation Editor (CVE-2017-11882) in 'rtfobj'
Showing
1 changed file
with
5 additions
and
0 deletions
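--- a/oletools/rtfobj.py
+++ b/oletools/rtfobj.py
@@ -904,6 +904,11 @@ def process_file(container, filename, data, output_dir=None, save_object=False):
 if rtfobj.class_name == b'OLE2Link':
 ole_color = 'red'
 ole_column += '\nPossibly an exploit for the OLE2Link vulnerability (VU#921560, CVE-2017-0199)'
+# Detect Equation Editor exploit
+# https://www.kb.cert.org/vuls/id/421280/
+elif rtfobj.class_name.lower() == b'equation.3':
+ole_color = 'red'
+ole_column += '\nPossibly an exploit for the Equation Editor vulnerability (VU#421280, CVE-2017-11882)'
 else:
 ole_column = 'Not a well-formed OLE object'
 tstream.write_row((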
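Review bot: The new `elif` at new line 909 normalises the class name with `.lower()`, but the `OLE2Link` comparison directly above it (line 904) is still case-sensitive, so the two checks treat the same field differently. For consistent triage output the first branch could become `if rtfobj.class_name.lower() == b'ole2link':`. Both branches key only on the class name string declared in the document, so the red flag is a heuristic. A comment such as `# Heuristic: matches the declared OLE class name only; the embedded object's CLSID is not checked here` would tell analysts not to read a missing flag as a clean result. If the parsed object exposes its CLSID elsewhere in this function, matching on that as well would make the check stronger, but the body of `process_file` starts and ends outside this hunk, so this could not be confirmed.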