Description
Affected tool:
rtfobj
Describe the bug
Executed rtfobj on an .rtf document. Output of the second OLE object was this:
-+------------+---------------------------------------------------------------
|0017A418h |format_id: 2 (Embedded)
| |class name: b'Equation.3'
| |data size: 3072
| |MD5 = '4e927f8c06b8e814b995a57e53deddd0'
| |CLSID: 20E02C00-0000-0000-0C00-000000000004
| |unknown CLSID (please report at
| |https://github.com/decalage2/oletools/issues)
| |Possibly an exploit for the Equation Editor vulnerability
| |(VU#421280, CVE-2017-11882)
-+------------+---------------------------------------------------------------
File/Malware sample to reproduce the bug
Any.run: https://app.any.run/tasks/f28cc848-9fa4-4801-ac99-762f9571989a
MD5: 9ef6d8fbf3263f6305b95ae44799a8cd
How To Reproduce the bug
rtfobj Angola.rtf
Expected behavior
Output of rtfobj Angola.rtf would not have any red error text.
Console output / Screenshots
If applicable, add screenshots to help explain your problem.
Use the option "-l debug" to add debugging information, if possible.
Version information:
- OS: Windows 10
- OS version: 64 bits
- Python version: 3.12.0
- oletools version: rtfobj 0.60.1
Additional context
Add any other context about the problem here.