Commit 82fd5de806a4e730475e0201f9dd59fe9666320e
1 parent
04c57a22
oleobj: added simple detection of CVE-2021-40444 initial stage
Showing
1 changed file
with
2 additions
and
0 deletions
oletools/oleobj.py
| @@ -761,6 +761,8 @@ def process_file(filename, data, output_dir=None): | @@ -761,6 +761,8 @@ def process_file(filename, data, output_dir=None): | ||
| 761 | for relationship, target in find_external_relationships(xml_parser): | 761 | for relationship, target in find_external_relationships(xml_parser): |
| 762 | did_dump = True | 762 | did_dump = True |
| 763 | print("Found relationship '%s' with external link %s" % (relationship, target)) | 763 | print("Found relationship '%s' with external link %s" % (relationship, target)) |
| 764 | + if target.startswith('mhtml:'): | ||
| 765 | + print("Potential exploit for CVE-2021-40444") | ||
| 764 | 766 | ||
| 765 | # look for ole files inside file (e.g. unzip docx) | 767 | # look for ole files inside file (e.g. unzip docx) |
| 766 | # have to finish work on every ole stream inside iteration, since handles | 768 | # have to finish work on every ole stream inside iteration, since handles |