This repository was archived by the owner on Nov 9, 2020. It is now read-only.
OLE2: Filter based on Root Class ID #23
Open
Embedded OLE files are a threat. We know it.
But some Office Addins depend on them.
Sample legitimate classid: 3EAB3858-A0E0-4A3B-A405-F4D525E85265, D52B1FA2-1EF8-4035-9DA6-8AD0F40267A1
Useful links:
```python
# Signature metadata
name = "office_vuln_guid"
description = "GUIDs known to be associated with a CVE were requested (may be False Positive)"
severity = 3
categories = ["office"]
authors = ["Niels Warnars @ Cuckoo Technologies"]
minimum = "2.0"

# Class IDs mapped to the CVE they are associated with
bad_guids = {
    "BDD1F04B-858B-11D1-B16A-00C0F0283628": "CVE-2012-0158",
    "996BF5E0-8044-4650-ADEB-0B013914E99C": "CVE-2012-0158",
    "C74190B6-8589-11d1-B16A-00C0F0283628": "CVE-2012-0158",
    "9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E": "CVE-2012-0158",
    # This GUID was listed twice; a dict keeps only the last value for a
    # repeated key, so both CVEs are kept in a single entry.
    "1EFB6596-857C-11D1-B16A-00C0F0283628": "CVE-2012-1856, CVE-2013-3906",
    "66833FE6-8583-11D1-B16A-00C0F0283628": "CVE-2012-1856",
    "DD9DA666-8594-11D1-B16A-00C0F0283628": "CVE-2014-1761",
    "00000535-0000-0010-8000-00AA006D2EA4": "CVE-2015-0097",
    "0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC": "CVE-2015-0097",
    "05741520-C4EB-440A-AC3F-9643BBC9F847": "CVE-2015-1641",
    "A08A033D-1A75-4AB6-A166-EAD02F547959": "CVE-2015-1641",
    "F4754C9B-64F5-4B40-8AF4-679732AC0607": "CVE-2015-1641",
    "4C599241-6926-101B-9992-00000B65C6F9": "CVE-2015-2424",
    "44F9A03B-A3EC-4F3B-9364-08E0007F21DF": "CVE-2015-2424",
    # the listing is cut off at this point on the page
}
```
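A sketch of the filter this issue asks for, as an added example that is not code from this repository or from the issue author. It assumes "Root Class ID" means the CLSID field of the OLE2 compound file's Root Entry and uses the two class IDs quoted above as the allow-list; the function names and the sample file are hypothetical and constructed for illustration.

```python
import struct
import uuid

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

# Class IDs quoted in the issue as belonging to legitimate Office add-ins.
ALLOWED_ROOT_CLSIDS = {
    uuid.UUID("3EAB3858-A0E0-4A3B-A405-F4D525E85265"),
    uuid.UUID("D52B1FA2-1EF8-4035-9DA6-8AD0F40267A1"),
}


def root_clsid(blob):
    """Return the Root Entry CLSID, or None if blob is not a usable OLE2 file."""
    if len(blob) < 512 or blob[:8] != OLE2_MAGIC:
        return None
    sector_shift, = struct.unpack_from("<H", blob, 30)
    first_dir_sector, = struct.unpack_from("<I", blob, 48)
    if sector_shift not in (9, 12):  # 512-byte (v3) or 4096-byte (v4) sectors
        return None
    # Sector n starts at (n + 1) * sector_size; the header fills the first slot.
    entry = (first_dir_sector + 1) << sector_shift
    if entry + 128 > len(blob) or blob[entry + 66] != 5:  # type 5 = root storage
        return None
    # The CLSID sits at offset 80 of the 128-byte entry, in little-endian GUID layout.
    return uuid.UUID(bytes_le=blob[entry + 80:entry + 96])


def keep_embedded_ole(blob, allowed=ALLOWED_ROOT_CLSIDS):
    """Fail closed: keep the object only if its root CLSID parses and is allowed."""
    clsid = root_clsid(blob)
    return clsid is not None and clsid in allowed


def build_sample(clsid):
    """Constructed sample: a 512-byte header plus one directory sector."""
    header = bytearray(512)
    header[:8] = OLE2_MAGIC
    # minor version, major version, byte order, sector shift, mini sector shift
    struct.pack_into("<HHHHH", header, 24, 0x3E, 3, 0xFFFE, 9, 6)
    struct.pack_into("<I", header, 48, 0)  # directory starts in sector 0
    root = bytearray(512)
    name = "Root Entry".encode("utf-16-le")
    root[:len(name)] = name
    struct.pack_into("<HB", root, 64, len(name) + 2, 5)
    root[80:96] = clsid.bytes_le
    return bytes(header + root)
```

Because the Root Entry is always the first entry of the first directory sector, the check needs no FAT traversal and can run before any deeper parsing of the embedded object.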