Oletools

Latest version: v0.60.1


0.60.1

- olevba:
    - fixed a bug when calling XLMMacroDeobfuscator (PR 737)
    - removed keyword "sample" causing false positives
- oleid: fixed OleID init issue (issue 695, PR 696)
- oleobj:
    - added simple detection of CVE-2021-40444 initial stage
    - added detection for customUI onLoad
    - improved handling of incorrect filenames in OLE package (PR 451)
- rtfobj: fixed code to find URLs in OLE2Link objects for Py3 (issue 692)
- ftguess:
    - added PowerPoint and XPS formats (PR 716)
    - fixed issue with XPS and malformed documents (issue 711)
    - added XLSB format (issue 758)
- improved logging with common module log_helper (PR 449)

More details about fixed issues and improvements in 0.60: https://github.com/decalage2/oletools/milestone/10?closed=1

0.60

- **2021-06-02 v0.60**:
    - ftguess: new tool to identify file formats and containers (issue 680)
    - oleid: (issue 679)
        - each indicator now has a risk level
        - calls ftguess to identify file formats
        - calls olevba+mraptor to detect and analyse VBA+XLM macros
    - olevba:
        - when XLMMacroDeobfuscator is available, use it to extract and deobfuscate XLM macros
    - rtfobj:
        - use ftguess to identify file type of OLE Package (issue 682)
        - fixed bug in re_executable_extensions
    - crypto: added PowerPoint transparent password '/01Hannes Ruescher/01' (issue 627)
    - setup: XLMMacroDeobfuscator, xlrd2 and pyxlsb2 added as optional dependencies

More details about fixed issues and improvements in 0.60: https://github.com/decalage2/oletools/milestone/10?closed=1

0.56.2

- **2021-05-07 v0.56.2**:
    - olevba:
        - updated plugin_biff to v0.0.22 to fix a bug (issues 647, 674)
    - olevba, mraptor:
        - added detection of Workbook_BeforeClose (issue 518)
    - rtfobj:
        - fixed bug when OLE package class name ends with null characters (issue 507, PR 648)
    - oleid:
        - fixed bug in check_excel (issue 584, PR 585)
    - clsid:
        - added several CLSIDs related to MS Office click-to-run issue CVE-2021-27058
        - added checks to ensure that all CLSIDs are uppercase (PR 678)

More details about fixed issues and improvements in 0.56: https://github.com/decalage2/oletools/milestone/9?closed=1

0.56.1

- **2021-04-02 v0.56.1**:
    - olevba:
        - fixed bug when parsing some malformed files (issue 629)
    - oleobj:
        - fixed bug preventing detection of links 'externalReference', 'frame', 'hyperlink' (issue 641, PR 670)
    - setup:
        - avoid installing msoffcrypto-tool when platform is PyPy+Windows (issue 473)
        - PyPI version is now a wheel package to improve installation and avoid antivirus false positives due to test files (issues 215, 398)

More details about fixed issues and improvements in 0.56: https://github.com/decalage2/oletools/milestone/9?closed=1

0.56

- **2020-09-28 v0.56**:
    - olevba/mraptor:
        - added detection of trigger _OnConnecting
    - olevba:
        - updated plugin_biff to v0.0.17 to improve Excel 4/XLM macros parsing
        - added simple analysis of Excel 4/XLM macros in XLSM files (PR 569)
        - added detection of template injection (PR 569)
        - added detection of many suspicious keywords (PR 591 and 569, see https://www.certego.net/en/news/advanced-vba-macros/)
        - improved MHT detection (PR 532)
        - added --no-xlm option to disable Excel 4/XLM macros parsing (PR 532)
        - fixed bug when decompressing raw chunks in VBA (issue 575)
        - fixed bug with email package due to monkeypatch for MHT parsing (issue 602, PR 604)
        - fixed option --relaxed (issue 596, PR 595)
        - enabled relaxed mode by default (issues 477, 593)
        - fixed detect_vba_macros to always return VBA code as unicode on Python 3 (issues 455, 477, 587, 593)
        - replaced option --pcode by --show-pcode and --no-pcode, replaced optparse by argparse (PR 479)
    - oleform: improved form parsing (PR 532)
    - oleobj: "Ole10Native" is now case insensitive (issue 541)
    - clsid: added PDF (issue 552), Microsoft Word Picture (issue 571)
    - ppt_parser: fixed bug on Python 3 (issues 177, 607, PR 450)

How to install with pip: https://github.com/decalage2/oletools/wiki/Install

0.55

- olevba:
    - added support for SLK files and XLM macro extraction from SLK
    - VBA Stomping detection
    - integrated pcodedmp to extract and disassemble P-code
    - detection of suspicious keywords and IOCs in P-code
    - new option --pcode to display P-code disassembly
    - improved detection of auto execution triggers
- rtfobj: added URL carver for CVE-2017-0199
- better handling of unicode for systems with locale that does not support UTF-8, e.g. LANG=C (PR 365)
- tests:
    - test files can now be encrypted, to avoid antivirus alerts (PR 217, issue 215)
    - tests that trigger antivirus alerts have been temporarily disabled (issue 215)

How to install with pip: https://github.com/decalage2/oletools/wiki/Install
