New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set self.type, self.is_macro_enabled, self.is_template from document content, not extension #12

Open

rammy22 opened this issue Apr 14, 2017 · 0 comments

rammy22 commented Apr 14, 2017

Hi,

In my opinion there are 2 flaws with extracting self.type, self.is_macro_enabled, self.is_template from the extension:

when running the tool on malicious files, one usually keeps the document names as per its d5/sha1/sha256, so officedissector will just fail because of no recognized extension
the macro-enabled extensions indicate that the file may contain macros, not that it does contain.

You can check http://www.decalage.info/files/JCV07_Lagadec_OpenDocument_OpenXML_v4_decalage.pdf for an interesting security assessment.
Marian

naegelejd mentioned this issue

Parses and exposes the Document, Extended, Custom Properties of the Document #10

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment