-
Since we already parse the Xml file before when looking for external links in the relationships, we can reuse the parser to avoid iterating files twice.
-
By using ooxml we can iterate it through the XML files searching for external links in documents relationships.
-
The enumerate() function returns a 2-tuple with the second element being a 3-tuple.
-
From tests, these controls are in fact possible to see in the f stream. Their childs will be part of sub stream, with a path containing the id of the object
-
Padded structures are in fact lazily padded: the pad is only applied when needed, not immediately. For example considering the following struct: ``` | a (1B, opt) | b (1B, opt) | c (1B, opt) | d (1B, opt) | | ... pad ... | | e (4B, opt) | | f (2B, opt) | ... pad ...| ``` If only a and f are present (all other optional parts not used), the actual content will be: | a (1B) | pad (1B) | f (2B) | The previous implementation resulted in: | a (1B) | pad (3B) | f (2B) | pad (2B) | which shifted the whole structure and failed...
-
Update clsid.py
-
ref: https://support.office.com/en-us/article/flash-silverlight-and-shockwave-controls-blocked-in-office-2016-55738f12-a01d-420e-a533-7cef1ff6aeb1
-
Csv formula extension
-
Update clsid.py (CVE-2018-8174)
-
CVE-2018-8174: https://securelist.com/root-cause-analysis-of-cve-2018-8174/85486/ Uses the same technique as CVE-2017-0199 in the RTF document. URL Moniker ---> Media Negotiation(server returns content-type: text/html, CVE-2017-0199 server returns content-type: application/hta, which was already blocked by "IActivationFilter" in MSO.DLL) ---> HTML triggers a vulnerability in vbscript.dll(CVE-2018-8174)
-
remove a duplicated key
-
oleid: detect OpenXML encryption