-
Update clsid.py (CVE-2018-8174)
-
CVE-2018-8174: https://securelist.com/root-cause-analysis-of-cve-2018-8174/85486/ Uses the same technique as CVE-2017-0199 in the RTF document. URL Moniker ---> Media Negotiation(server returns content-type: text/html, CVE-2017-0199 server returns content-type: application/hta, which was already blocked by "IActivationFilter" in MSO.DLL) ---> HTML triggers a vulnerability in vbscript.dll(CVE-2018-8174)
-
remove a duplicated key
-
oleid: detect OpenXML encryption
-
msodde: Determine when error condition actually is one
-
msodde would sometimes complain that something should be an error condition. Determined that most of these are not and raise proper error for those that really are an error.
-
Fix AttributeError: 'str' object has no attribute 'decode'.
-
extract_macros() returns vba_code as bytes or string (string only for OpenXML/PPT -- open_text() decodes bytes to string). This way it is already implemented in process_file() and process_file_json(). Sample hash: 586DB43601FB55E89E67DFE569E1E9983779722ED47A8E1F23ADF54D04D3DF4B
-
Update oledir.py
-
Use only module-specific logger in the ppt_parser module.
-
Only one logger should be used. Using logger of the main application prevents from disabling ppt_parser log messages, ppt_parser-specific logger can be controlled via enable_logging().
-
Improve detect_flash Python 3 compatibility
-
Some of them are not known bad, so removed. "New Moniker" is usually embedded in the "MonikerArray" field of the Composite Moniker, so if Composite Moniker is not parsed, no need to check if this moniker exists. HTA Moniker, Script/Scriptlet Moniker will not appear in documents. These are loaded by checking the "content-type" from the remote server("Media Negotiate" procedure) or extension names from the file("GetClassFile" function), or just from the registry.
-
…dded python version to banner.
-
Fix always enabled logging in PptParser.