1
2
3
4
5
6 from _winreg import HKEY_CURRENT_USER
7
8 from lib.common.abstracts import Package
9
11 """Word analysis package."""
12 PATHS = [
13 ("ProgramFiles", "Microsoft Office", "WINWORD.EXE"),
14 ("ProgramFiles", "Microsoft Office", "Office10", "WINWORD.EXE"),
15 ("ProgramFiles", "Microsoft Office", "Office11", "WINWORD.EXE"),
16 ("ProgramFiles", "Microsoft Office", "Office12", "WINWORD.EXE"),
17 ("ProgramFiles", "Microsoft Office", "Office14", "WINWORD.EXE"),
18 ("ProgramFiles", "Microsoft Office", "Office15", "WINWORD.EXE"),
19 ("ProgramFiles", "Microsoft Office", "Office16", "WINWORD.EXE"),
20 ("ProgramFiles", "Microsoft Office 15", "root", "office15", "WINWORD.EXE"),
21 ("ProgramFiles", "Microsoft Office", "root", "Office16", "WINWORD.EXE"),
22 ("ProgramFiles", "Microsoft Office", "WORDVIEW.EXE"),
23 ]
24
25 REGKEYS = [
26 [
27 HKEY_CURRENT_USER,
28 "Software\\Microsoft\\Office\\12.0\\Common\\General",
29 {
30
31 "ShownOptIn": 1,
32 },
33 ],
34 [
35 HKEY_CURRENT_USER,
36 "Software\\Microsoft\\Office\\12.0\\Word\\Security",
37 {
38
39 "VBAWarnings": 1,
40 "AccessVBOM": 1,
41
42
43
44
45
46 "ExtensionHardening": 0,
47 },
48 ],
49 [
50 HKEY_CURRENT_USER,
51 "Software\\Microsoft\\Office\\16.0\\Word\\Security",
52 {
53
54 "VBAWarnings": 1,
55 "AccessVBOM": 1,
56 },
57 ],
58 ]
59
61 word = self.get_path("Microsoft Office Word")
62 return self.execute(
63 word, args=[path], mode="office", trigger="file:%s" % path
64 )
65