Commit ca08ea6ba5ac91caa185033b746b1f0aa3416b04
1 parent
a7309e59
Added detection for CVE-2017-11882 in 'rtfobj'
Showing
1 changed file
with
5 additions
and
0 deletions
oletools/rtfobj.py
| @@ -897,6 +897,11 @@ def process_file(container, filename, data, output_dir=None, save_object=False): | @@ -897,6 +897,11 @@ def process_file(container, filename, data, output_dir=None, save_object=False): | ||
| 897 | if rtfobj.class_name == b'OLE2Link': | 897 | if rtfobj.class_name == b'OLE2Link': |
| 898 | ole_color = 'red' | 898 | ole_color = 'red' |
| 899 | ole_column += '\nPossibly an exploit for the OLE2Link vulnerability (VU#921560, CVE-2017-0199)' | 899 | ole_column += '\nPossibly an exploit for the OLE2Link vulnerability (VU#921560, CVE-2017-0199)' |
| 900 | + # Detect Equation Editor exploit | ||
| 901 | + # https://www.kb.cert.org/vuls/id/421280/ | ||
| 902 | + elif rtfobj.class_name.lower() == b'equation.3': | ||
| 903 | + ole_color = 'red' | ||
| 904 | + ole_column += '\nPossibly an exploit for the Equation Editor vulnerability (VU#421280, CVE-2017-11882)' | ||
| 900 | else: | 905 | else: |
| 901 | ole_column = 'Not a well-formed OLE object' | 906 | ole_column = 'Not a well-formed OLE object' |
| 902 | tstream.write_row(( | 907 | tstream.write_row(( |