OfficeCat
OfficeCat is a command-line utility that checks Microsoft Office documents for the presence of potential exploit conditions in the file.
The tool is used on Windows systems and is provided as a binary executable.
Things needed
- Feature requests
- Bug reports
- Malware
- Postcards
- Beer
If you use OfficeCat and can help with any of the above items, please send feature requests and bug reports to the Sourcefire VRT at vrt@sourcefire.com. All postcards and beer can be sent to:
Sourcefire VRT
9780 Patuxent Woods Drive
Columbia, MD 21045 USA
If you have malware to share, please contact the VRT at the above email address for instructions on how to get it to us.
Thanks for using OfficeCat.
Usage
- Unzip the archive
- Open a command shell
- Run the tool executable with the name of the document to check
Sample results for a vulnerable document are shown below:
C:\>officecat.exe ATest.doc
Sourcefire OFFICE CAT v2
* Microsoft Office File Checker *
Processing ATest.doc
VULNERABLE
OCID: 5
CVE-2006-6456
Type: Word
OfficeCat for Windows
Download OfficeCat for Windows
OfficeCat for Linux
Note:
The Linux build of OfficeCat is built from our latest internal source tree against wine 0.9.9-0 ubuntu2.
There are some warnings generated by wine's implementation of StgOpenStorageEx during file processing, but these do not hamper functionality. These warnings can be safely ignored.
The warnings are sent to STDOUT and look something like this:
fixme:storage:StgOpenStorageEx Stub: calling StgOpenStorage, but ignoring pStgOptions and grfAttrs
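
For scripted triage of many documents, the output above can be parsed into a record. This is an added example, not part of OfficeCat or of the original page: it drops the wine `fixme:` lines and extracts the verdict, OCID, CVE and type. The function name is hypothetical, the sample text is constructed from the two outputs shown on this page, and the parser assumes one field per line; the output for a non-vulnerable file is not shown here, so it only records whether a VULNERABLE line was seen.

```python
import re

# Constructed sample: the sample result shown above, with the wine warning
# from the Linux note placed where it could appear on STDOUT.
SAMPLE_OUTPUT = """\
fixme:storage:StgOpenStorageEx Stub: calling StgOpenStorage, but ignoring pStgOptions and grfAttrs
Sourcefire OFFICE CAT v2
* Microsoft Office File Checker *
Processing ATest.doc
VULNERABLE
OCID: 5
CVE-2006-6456
Type: Word
"""

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def parse_officecat_output(text):
    """Parse captured OfficeCat STDOUT into a dict (hypothetical helper).

    Assumes one field per line, as in the sample on this page. The output
    for a clean file is not documented here, so 'vulnerable' only records
    whether a VULNERABLE line was present.
    """
    result = {"file": None, "vulnerable": False, "ocid": None,
              "cves": [], "type": None, "ignored_warnings": 0}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("fixme:"):
            # wine stub warnings: ignored for the verdict, but counted
            result["ignored_warnings"] += 1
        elif line.startswith("Processing "):
            result["file"] = line[len("Processing "):]
        elif line == "VULNERABLE":
            result["vulnerable"] = True
        elif line.startswith("OCID:"):
            result["ocid"] = int(line.split(":", 1)[1])
        elif CVE_RE.match(line):
            result["cves"].append(line)
        elif line.startswith("Type:"):
            result["type"] = line.split(":", 1)[1].strip()
    return result


if __name__ == "__main__":
    print(parse_officecat_output(SAMPLE_OUTPUT))
```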
