OfficeCat

OfficeCat is a command line utility that can be used to process Microsoft Office Documents for the presence of potential exploit conditions in the file.

The tool is used on Windows systems and is provided as a binary executable.

Things needed

1. Feature requests
2. Bug reports
3. Malware
4. Postcards
5. Beer

If you use OfficeCat and can help with any of the above items, please send feature requests and bug reports to the Sourcefire VRT at vrt@sourcefire.com. All Postcards and beer can be sent to:
Sourcefire VRT
9780 Patuxent Woods Drive
Columbia, MD 21045
USA

If you have Malware to share, please contact the VRT at the above email address for instructions on how to get it to us.

Thanks for using OfficeCat.

Usage

1. Unzip the archive
2. Open a command shell
3. Execute the tool executable with a document name for checking

Sample results for a vulnerable document are shown below:

C:\>officecat.exe ATest.doc
Sourcefire OFFICE CAT v2
* Microsoft Office File Checker *

Processing ATest.doc
VULNERABLE
        OCID: 5
        CVE-2006-6456
        Type: Word

OfficeCat tool download

OfficeCat for Windows

download zip archive of OfficeCat for Windows here

OfficeCat for Linux

download archive of OfficeCat for Linux here

Note:
The Linux build of Officecat, is built from our latest internal source tree against wine 0.9.9-0ubuntu2.
There are some warnings generated by wine's implementation of StgOpenStorageEx during file process, but these do not hamper functionality. These warnings can be safely ignored.
The warnings are sent to STDOUT and look something akin to this:

 fixme:storage:StgOpenStorageEx Stub: calling StgOpenStorage, but ignoring pStgOptions and grfAttrs

Vulnerabilities Checked by OfficeCat

CVE Entries:

Microsoft Advisories: