oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
Describe the bug
A clear and concise description of what the bug is.
File/Malware sample to reproduce the bug
e7f997778ca54b87eb4109d6d4bd5a905e8261ad410a088daec7f3f695bb8189
How To Reproduce the bug
1- rtfobj filename
2- Extract object using rtfdump and then use rtfobj to extract oleobject
Expected behavior
The RTF file exploits CVE-2017-11882 and the expectation is to extract the OLE object.
Console output / Screenshots
File: 'e7f997778ca54b87eb4109d6d4bd5a905e8261ad410a088daec7f3f695bb8189' - size: 7327957 bytes
---+----------+---------------------------------------------------------------
id |index |OLE Object
---+----------+---------------------------------------------------------------
DEBUG Start object data at index 4F2100h
DEBUG \bin: reading 111111111111111111111111 bytes of binary data
DEBUG Group Level = 6, closing group
DEBUG Group Level = 5, closing group
DEBUG Group Level = 4, closing group
DEBUG Group Level = 3, closing group
DEBUG Close object data at index 1787586C4FA8A06B9306h
DEBUG OLE version=7D7D7D01 - Format ID=20203530
DEBUG *** Not an OLE 1.0 Object
DEBUG Group Level = 2, closing group
DEBUG Group Level = 1, closing group
0 |004F2100h |Not a well-formed OLE object
---+----------+---------------------------------------------------------------
Version information:
OS: Ubuntu
OS version: 64 bits
oletools version: oletools-0.54.dev12
Additional context
Add any other context about the problem here.
Affected tool: rtfobj
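The debug output above records a \bin length of 111111111111111111111111 for a file of only 7327957 bytes. The following is an added example (not oletools code and not part of the original report) that flags \bin declarations the rest of the file cannot satisfy; the function name and the sample RTF are constructed for illustration.

```python
import re

# Length value copied from the "\bin: reading ... bytes" debug line in the report.
PAGE_BIN_LEN = 111111111111111111111111

# \binN control word: N is a decimal byte count, optionally followed by one
# delimiter space. The lookbehind skips an escaped backslash ("\\bin...").
BIN_RE = re.compile(rb"(?<!\\)\\bin(-?\d+) ?")


def find_suspicious_bin(data: bytes):
    # Return (offset, declared_len, available) for every \binN whose declared
    # length is negative or larger than the bytes left in the file.
    findings = []
    pos = 0
    while True:
        m = BIN_RE.search(data, pos)
        if m is None:
            break
        declared = int(m.group(1))
        available = len(data) - m.end()
        if declared < 0 or declared > available:
            findings.append((m.start(), declared, available))
            pos = m.end()             # length is not credible: keep scanning
        else:
            pos = m.end() + declared  # plausible length: skip the raw payload
    return findings


# Constructed sample (not the reported malware): one plausible \bin4 followed
# by one \bin carrying the oversized length seen in the debug log.
SAMPLE = (
    rb"{\rtf1{\object\objemb{\*\objdata 0105\bin4 ABCD00}}"
    rb"{\object{\*\objdata 01\bin%d 0500}}}" % PAGE_BIN_LEN
)

if __name__ == "__main__":
    for offset, declared, available in find_suspicious_bin(SAMPLE):
        print("offset %06Xh: \\bin declares %d bytes, only %d remain"
              % (offset, declared, available))
```
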