Peter M. Groen / oletools

Commit fe4e9c3159f514bb90a7d0a549aff9d3e7591029

Authored by decalage2
1 parent 77c4bc82

readme: updated for 0.53

Inline Side-by-side
Showing 1 changed file with 13 additions and 11 deletions
README.md
  View file @fe4e9c3
@@ -18,28 +18,30 @@ See [http://www.decalage.info/python/oletools](http://www.decalage.info/python/o @@ -18,28 +18,30 @@ See [http://www.decalage.info/python/oletools](http://www.decalage.info/python/o
18 [Contact the Author](http://decalage.info/contact) - 18 [Contact the Author](http://decalage.info/contact) -
19 [Repository](https://github.com/decalage2/oletools) - 19 [Repository](https://github.com/decalage2/oletools) -
20 [Updates on Twitter](https://twitter.com/decalage2) 20 [Updates on Twitter](https://twitter.com/decalage2)
  21 +[Cheatsheet](https://github.com/decalage2/oletools/blob/master/cheatsheet/oletools_cheatsheet.pdf)
21 22
22 Note: python-oletools is not related to OLETools published by BeCubed Software. 23 Note: python-oletools is not related to OLETools published by BeCubed Software.
23 24
24 News 25 News
25 ---- 26 ----
26 27
27 -- **2018-02-18 v0.52**: 28 +- **2018-05-30 v0.53**:
  29 + - olevba and mraptor can now parse Word/PowerPoint 2007+ pure XML files (aka Flat OPC format)
  30 + - improved support for VBA forms in olevba (oleform)
  31 + - rtfobj now displays the CLSID of OLE objects, which is the best way to identify them. Known-bad CLSIDs such as MS Equation Editor are highlighted in red.
  32 + - Updated rtfobj to handle obfuscated RTF samples.
  33 + - rtfobj now handles the "\\'" obfuscation trick seen in recent samples such as https://twitter.com/buffaloverflow/status/989798880295444480, by emulating the MS Word bug described in https://securelist.com/disappearing-bytes/84017/
  34 + - msodde: improved detection of DDE formulas in CSV files
  35 + - oledir now displays the tree of storage/streams, along with CLSIDs and their meaning.
  36 + - common.clsid contains the list of known CLSIDs, and their links to CVE vulnerabilities when relevant.
  37 + - oleid now detects encrypted OpenXML files
  38 + - fixed bugs in oleobj, rtfobj, oleid, olevba
  39 +- 2018-02-18 v0.52:
28 - New tool [msodde](https://github.com/decalage2/oletools/wiki/msodde) to detect and extract DDE links from MS Office files, RTF and CSV; 40 - New tool [msodde](https://github.com/decalage2/oletools/wiki/msodde) to detect and extract DDE links from MS Office files, RTF and CSV;
29 - Fixed bugs in olevba, rtfobj and olefile, to better handle malformed/obfuscated files; 41 - Fixed bugs in olevba, rtfobj and olefile, to better handle malformed/obfuscated files;
30 - Performance improvements in olevba and rtfobj; 42 - Performance improvements in olevba and rtfobj;
31 - VBA form parsing in olevba; 43 - VBA form parsing in olevba;
32 - Office 2007+ support in oleobj. 44 - Office 2007+ support in oleobj.
33 -- 2017-06-29 v0.51:  
34 - - added the [oletools cheatsheet](https://github.com/decalage2/oletools/blob/master/cheatsheet/oletools_cheatsheet.pdf)  
35 - - improved [rtfobj](https://github.com/decalage2/oletools/wiki/rtfobj) to handle malformed RTF files, detect vulnerability CVE-2017-0199  
36 - - olevba: improved deobfuscation and Mac files support  
37 - - [mraptor](https://github.com/decalage2/oletools/wiki/mraptor): added more ActiveX macro triggers  
38 - - added [DocVarDump.vba](https://github.com/decalage2/oletools/blob/master/oletools/DocVarDump.vba) to dump document variables using Word  
39 - - olemap: can now detect and extract [extra data at end of file](http://decalage.info/en/ole_extradata), improved display  
40 - - oledir, olemeta, oletimes: added support for zip files and wildcards  
41 - - many [bugfixes](https://github.com/decalage2/oletools/milestone/3?closed=1) in all the tools  
42 - - improved Python 2+3 support  
43 45
44 See the [full changelog](https://github.com/decalage2/oletools/wiki/Changelog) for more information. 46 See the [full changelog](https://github.com/decalage2/oletools/wiki/Changelog) for more information.
45 47