Commit d17b08f3595ccaefdbcd37ffb584a6303b5680b3
1 parent
694cdd02
olevba: added autoexec keywords for MS Publisher (.pub) - issues #84, #85
Showing
1 changed file
with
11 additions
and
1 deletions
oletools/olevba.py
| ... | ... | @@ -12,6 +12,7 @@ Supported formats: |
| 12 | 12 | - PowerPoint 97-2003 (.ppt), PowerPoint 2007+ (.pptm, .ppsm) |
| 13 | 13 | - Word 2003 XML (.xml) |
| 14 | 14 | - Word/Excel Single File Web Page / MHTML (.mht) |
| 15 | +- Publisher (.pub) | |
| 15 | 16 | |
| 16 | 17 | Author: Philippe Lagadec - http://www.decalage.info |
| 17 | 18 | License: BSD, see source code or documentation |
| ... | ... | @@ -180,6 +181,7 @@ https://github.com/unixfreak0037/officeparser |
| 180 | 181 | # 2016-07-29 CH: - fixed several bugs including #73 (Mac Roman encoding) |
| 181 | 182 | # 2016-08-31 PL: - added autoexec keyword InkPicture_Painted |
| 182 | 183 | # - detect_autoexec now returns the exact keyword found |
| 184 | +# 2016-09-05 PL: - added autoexec keywords for MS Publisher (.pub) | |
| 183 | 185 | |
| 184 | 186 | __version__ = '0.50' |
| 185 | 187 | |
| ... | ... | @@ -439,7 +441,7 @@ ATTR_NAME = NS_W + 'name' |
| 439 | 441 | AUTOEXEC_KEYWORDS = { |
| 440 | 442 | # MS Word: |
| 441 | 443 | 'Runs when the Word document is opened': |
| 442 | - ('AutoExec', 'AutoOpen', 'Document_Open', 'DocumentOpen'), | |
| 444 | + ('AutoExec', 'AutoOpen', 'DocumentOpen'), | |
| 443 | 445 | 'Runs when the Word document is closed': |
| 444 | 446 | ('AutoExit', 'AutoClose', 'Document_Close', 'DocumentBeforeClose'), |
| 445 | 447 | 'Runs when the Word document is modified': |
| ... | ... | @@ -447,11 +449,19 @@ AUTOEXEC_KEYWORDS = { |
| 447 | 449 | 'Runs when a new Word document is created': |
| 448 | 450 | ('AutoNew', 'Document_New', 'NewDocument'), |
| 449 | 451 | |
| 452 | + # MS Word and Publisher: | |
| 453 | + 'Runs when the Word or Publisher document is opened': | |
| 454 | + ('Document_Open',), | |
| 455 | + 'Runs when the Publisher document is closed': | |
| 456 | + ('Document_BeforeClose',), | |
| 457 | + | |
| 450 | 458 | # MS Excel: |
| 451 | 459 | 'Runs when the Excel Workbook is opened': |
| 452 | 460 | ('Auto_Open', 'Workbook_Open', 'Workbook_Activate'), |
| 453 | 461 | 'Runs when the Excel Workbook is closed': |
| 454 | 462 | ('Auto_Close', 'Workbook_Close'), |
| 463 | + | |
| 464 | + # any MS Office application: | |
| 455 | 465 | 'Runs when the file is opened (using InkPicture ActiveX object)': |
| 456 | 466 | # ref:https://twitter.com/joe4security/status/770691099988025345 |
| 457 | 467 | (r'\w+_Painted',), | ... | ... |