Commit fe4e9c3159f514bb90a7d0a549aff9d3e7591029
1 parent
77c4bc82
readme: updated for 0.53
Showing
1 changed file
with
13 additions
and
11 deletions
README.md
| ... | ... | @@ -18,28 +18,30 @@ See [http://www.decalage.info/python/oletools](http://www.decalage.info/python/o |
| 18 | 18 | [Contact the Author](http://decalage.info/contact) - |
| 19 | 19 | [Repository](https://github.com/decalage2/oletools) - |
| 20 | 20 | [Updates on Twitter](https://twitter.com/decalage2) |
| 21 | +[Cheatsheet](https://github.com/decalage2/oletools/blob/master/cheatsheet/oletools_cheatsheet.pdf) | |
| 21 | 22 | |
| 22 | 23 | Note: python-oletools is not related to OLETools published by BeCubed Software. |
| 23 | 24 | |
| 24 | 25 | News |
| 25 | 26 | ---- |
| 26 | 27 | |
| 27 | -- **2018-02-18 v0.52**: | |
| 28 | +- **2018-05-30 v0.53**: | |
| 29 | + - olevba and mraptor can now parse Word/PowerPoint 2007+ pure XML files (aka Flat OPC format) | |
| 30 | + - improved support for VBA forms in olevba (oleform) | |
| 31 | + - rtfobj now displays the CLSID of OLE objects, which is the best way to identify them. Known-bad CLSIDs such as MS Equation Editor are highlighted in red. | |
| 32 | + - Updated rtfobj to handle obfuscated RTF samples. | |
| 33 | + - rtfobj now handles the "\\'" obfuscation trick seen in recent samples such as https://twitter.com/buffaloverflow/status/989798880295444480, by emulating the MS Word bug described in https://securelist.com/disappearing-bytes/84017/ | |
| 34 | + - msodde: improved detection of DDE formulas in CSV files | |
| 35 | + - oledir now displays the tree of storage/streams, along with CLSIDs and their meaning. | |
| 36 | + - common.clsid contains the list of known CLSIDs, and their links to CVE vulnerabilities when relevant. | |
| 37 | + - oleid now detects encrypted OpenXML files | |
| 38 | + - fixed bugs in oleobj, rtfobj, oleid, olevba | |
| 39 | +- 2018-02-18 v0.52: | |
| 28 | 40 | - New tool [msodde](https://github.com/decalage2/oletools/wiki/msodde) to detect and extract DDE links from MS Office files, RTF and CSV; |
| 29 | 41 | - Fixed bugs in olevba, rtfobj and olefile, to better handle malformed/obfuscated files; |
| 30 | 42 | - Performance improvements in olevba and rtfobj; |
| 31 | 43 | - VBA form parsing in olevba; |
| 32 | 44 | - Office 2007+ support in oleobj. |
| 33 | -- 2017-06-29 v0.51: | |
| 34 | - - added the [oletools cheatsheet](https://github.com/decalage2/oletools/blob/master/cheatsheet/oletools_cheatsheet.pdf) | |
| 35 | - - improved [rtfobj](https://github.com/decalage2/oletools/wiki/rtfobj) to handle malformed RTF files, detect vulnerability CVE-2017-0199 | |
| 36 | - - olevba: improved deobfuscation and Mac files support | |
| 37 | - - [mraptor](https://github.com/decalage2/oletools/wiki/mraptor): added more ActiveX macro triggers | |
| 38 | - - added [DocVarDump.vba](https://github.com/decalage2/oletools/blob/master/oletools/DocVarDump.vba) to dump document variables using Word | |
| 39 | - - olemap: can now detect and extract [extra data at end of file](http://decalage.info/en/ole_extradata), improved display | |
| 40 | - - oledir, olemeta, oletimes: added support for zip files and wildcards | |
| 41 | - - many [bugfixes](https://github.com/decalage2/oletools/milestone/3?closed=1) in all the tools | |
| 42 | - - improved Python 2+3 support | |
| 43 | 45 | |
| 44 | 46 | See the [full changelog](https://github.com/decalage2/oletools/wiki/Changelog) for more information. |
| 45 | 47 | ... | ... |