From 82fd5de806a4e730475e0201f9dd59fe9666320e Mon Sep 17 00:00:00 2001
From: decalage2 <decalage@laposte.net>
Date: Tue, 12 Oct 2021 23:52:33 +0200
Subject: [PATCH] oleobj: added simple detection of CVE-2021-40444 initial stage

---
 oletools/oleobj.py | 2 ++
 1 file changed, 2 insertions(+), 0 deletions(-)

diff --git a/oletools/oleobj.py b/oletools/oleobj.py
index c53d85e..08b33fe 100644
--- a/oletools/oleobj.py
+++ b/oletools/oleobj.py
@@ -761,6 +761,8 @@ def process_file(filename, data, output_dir=None):
         for relationship, target in find_external_relationships(xml_parser):
             did_dump = True
             print("Found relationship '%s' with external link %s" % (relationship, target))
+            if target.startswith('mhtml:'):
+                print("Potential exploit for CVE-2021-40444")
 
     # look for ole files inside file (e.g. unzip docx)
     # have to finish work on every ole stream inside iteration, since handles
--
libgit2 0.21.4