1
2
3
4
5
6 from _winreg import HKEY_CURRENT_USER
7
8 from lib.common.abstracts import Package
9
11 """Word analysis package."""
12 PATHS = [
13 ("ProgramFiles", "Microsoft Office", "MSPUB.EXE"),
14 ("ProgramFiles", "Microsoft Office", "Office10", "MSPUB.EXE"),
15 ("ProgramFiles", "Microsoft Office", "Office11", "MSPUB.EXE"),
16 ("ProgramFiles", "Microsoft Office", "Office12", "MSPUB.EXE"),
17 ("ProgramFiles", "Microsoft Office", "Office14", "MSPUB.EXE"),
18 ("ProgramFiles", "Microsoft Office", "Office15", "MSPUB.EXE"),
19 ("ProgramFiles", "Microsoft Office", "Office16", "MSPUB.EXE"),
20 ("ProgramFiles", "Microsoft Office 15", "root", "office15", "MSPUB.EXE"),
21 ("ProgramFiles", "Microsoft Office", "root", "Office16", "MSPUB.EXE"),
22 ]
23
24 REGKEYS = [
25 [
26 HKEY_CURRENT_USER,
27 "Software\\Microsoft\\Office\\12.0\\Publisher\\Security",
28 {
29
30 "VBAWarnings": 1,
31 "AccessVBOM": 1,
32
33
34
35
36
37 "ExtensionHardening": 0,
38 },
39 ],
40 [
41 HKEY_CURRENT_USER,
42 "Software\\Microsoft\\Office\\15.0\\Publisher\\Security",
43 {
44
45 "VBAWarnings": 1,
46 "AccessVBOM": 1,
47
48
49
50
51
52 "ExtensionHardening": 0,
53 },
54 ],
55 [
56 HKEY_CURRENT_USER,
57 "Software\\Microsoft\\Office\\16.0\\Publisher\\Security",
58 {
59
60 "VBAWarnings": 1,
61 "AccessVBOM": 1,
62 },
63 ],
64 ]
65
67 publisher = self.get_path("Microsoft Office Publisher")
68 return self.execute(
69 publisher, args=["/o", path], mode="office", trigger="file:%s" % path
70 )
71