1
2
3
4
5
6 from _winreg import HKEY_CURRENT_USER
7
8 from lib.common.abstracts import Package
9
11 """PowerPoint analysis package."""
12 PATHS = [
13 ("ProgramFiles", "Microsoft Office", "POWERPNT.EXE"),
14 ("ProgramFiles", "Microsoft Office", "Office10", "POWERPNT.EXE"),
15 ("ProgramFiles", "Microsoft Office", "Office11", "POWERPNT.EXE"),
16 ("ProgramFiles", "Microsoft Office", "Office12", "POWERPNT.EXE"),
17 ("ProgramFiles", "Microsoft Office", "Office14", "POWERPNT.EXE"),
18 ("ProgramFiles", "Microsoft Office", "Office15", "POWERPNT.EXE"),
19 ("ProgramFiles", "Microsoft Office", "Office16", "POWERPNT.EXE"),
20 ("ProgramFiles", "Microsoft Office 15", "root", "office15", "POWERPNT.EXE"),
21 ]
22
23 REGKEYS = [
24 [
25 HKEY_CURRENT_USER,
26 "Software\\Microsoft\\Office\\12.0\\Common\\General",
27 {
28
29 "ShownOptIn": 1,
30 },
31 ],
32 [
33 HKEY_CURRENT_USER,
34 "Software\\Microsoft\\Office\\12.0\\Powerpoint\\Security",
35 {
36
37 "VBAWarnings": 1,
38 "AccessVBOM": 1,
39
40
41
42
43
44 "ExtensionHardening": 0,
45 },
46 ],
47 ]
48
50 powerpoint = self.get_path("Microsoft Office PowerPoint")
51 return self.execute(
52 powerpoint, args=["/S", path], mode="office",
53 trigger="file:%s" % path
54 )
55