Jump to content

oletools v0.53


Recommended Posts

2018-05-30 v0.53:
- olevba and mraptor can now parse Word/PowerPoint 2007+ pure XML files (aka Flat OPC format)
- improved support for VBA forms in olevba (oleform)
- rtfobj now displays the CLSID of OLE objects, which is the best way to identify them. Known-bad CLSIDs such as MS Equation Editor are highlighted in red.
- Updated rtfobj to handle obfuscated RTF samples.
- rtfobj now handles the "\'" obfuscation trick seen in recent samples such as https://twitter.com/buffaloverflow/status/989798880295444480, by emulating the MS Word bug described in https://securelist.com/disappearing-bytes/84017/
- msodde: improved detection of DDE formulas in CSV files
- oledir now displays the tree of storage/streams, along with CLSIDs and their meaning.
- common.clsid contains the list of known CLSIDs, and their links to CVE vulnerabilities when relevant.
- oleid now detects encrypted OpenXML files
- fixed bugs in oleobj, rtfobj, oleid, olevba


Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...