Description

Sourcefire OFFICE CAT v2 is a Microsoft Office File Checker. It will check for various vulnerabilities in Office documents:

OCID	Vulnerability	Type	Description
1	CVE-2006-2492	Word
2	CVE-2006-4534	Word
3	CVE-2006-3493	Word
4	CVE-2006-5994, MS07-014	Word
5	CVE-2006-6456	Word
6	CVE-2006-6561	Word
7	CVE-2006-1301	Excel
8	CVE-2006-1306	Excel
9	CVE-2006-1308	Excel
10	CVE-2006-3086	Excel
11	CVE-2006-3431	Excel
12	CVE-2006-3875, MS06-059	Excel
13	CVE-2006-3864, MS06-062	Excel
14	CVE-2006-3656	PowerPoint
15	CVE-2006-3876	PowerPoint
16	CVE-2006-4694	PowerPoint
17	CVE-2006-3590	PowerPoint
18	CVE-2006-1540	Office
19	CVE-2006-0001	Word
21	CVE-2007-0027, MS07-002	Excel	BIFF atom: IMDATA
22	CVE-2007-0031, MS07-002	Excel	Malformed Pallete Record
23	CVE-2007-0030, MS07-002	Excel	Bad Column offset
24	CVE-2007-0515	Word
25	CVE-2006-3014	Office
26	CVE-2007-0671, MS07-015	Excel	Malformed Record - 2 different vulns are attributed to this CVE
27	CVE-2006-3877, MS07-015	PowerPoint
28	CVE-2006-3432, MS07-002	Excel	Malformed Record - Reserved subtype used in flawed record
29	CVE-2006-3865, MS07-002	Excel	Malformed Image Data record
30	CVE-2006-4700, MS07-002	Excel	Bad column offset - Caught as CVE-2007-0030
31	CVE-2006-4701, MS07-002	Excel	Malformed SST record
32	CVE-2006-5995, MS07-002	Excel	CCV greater than 56
33	CVE-2007-1214, MS07-023	Excel	Malformed AUTOFILTER Record
34	CVE-2007-3030, MS07-036	Excel	Malformed WorkSpace Record
35	CVE-2007-3029, MS07-036	Excel	Malformed WINDOW1 Record
36	CVE-2007-1756, MS07-036	Excel	Malformed Version Field in BOF Record
37	CVE-2007-1203, MS07-023	Excel	Malformed Version Field in BOF Record
38	CVE-2008-0081, MS08-014	Excel	Bad record ordering
39	CVE-2008-0114, MS08-014	Excel	Invalid style index
40	CVE-2008-0111, MS08-014	Excel	Improper DVal
41	CVE-2008-0115, MS08-014	Excel	Missplaced rtVal record
42	CVE-2008-0116, MS08-014	Excel
43	CVE-2008-0118, MS08-016	PowerPoint	Malformed background shape
44	CVE-2008-0117, MS08-014	Excel	Malformed CF record
45	CVE-2008-1088, MS08-018	Project	Malformed pointer
46	CVE-2008-0119, MS08-027	Publisher	Worst bug ever discovered
47	CVE-2008-1455, MS08-051	PowerPoint	Malformed Asian language atom
48	CVE-2008-0320	Office	OpenOffice Flaw: lowSize is negative.
49	CVE-2008-2244, MS08-042	Word	Invalid smarttags structure size
50	CVE-2008-3004, MS08-043	Excel	Malformed AXP record
51	CVE-2008-3005, MS08-043	Excel	Malformed FORMAT record
52	CVE-2008-0120, MS08-051	PowerPoint	Malformed Drawing Group container
53	CVE-2008-0121, MS08-051	PowerPoint	Malformed complex FOPTE atom
54	CVE-2008-3006, MS08-043	Excel	Malformed COUNTRY record - May also indicate CVE-2008-4266
55	CVE-2008-3471, MS08-057	Excel	Malformed FRTWrapper record
56	CVE-2008-4019, MS08-057	Excel	Use of a potentially dangerous formula function
57	CVE-2008-4024, MS08-072	Word	Malformed LFO structure
58	CVE-2008-4026, MS08-072	Word	Malformed PRL structure
59	CVE-2008-4264, MS08-074	Excel	Oversized ft field in OBJ record
60	CVE-2008-4266, MS08-074	Excel	Malformed name index in LBL record
61	CVE-2008-4837, MS08-072	Word	Malformed PRL structure
62	CVE-2008-4841, MS08-000	Word	Malformed size in XST structure - Attacks wordpad converter

Download

Download link: http://www.snort.org/downloads/461

Usage

Syntax

Usage: officecat.exe [-list] <filename>

Options

-list: lists known vulnerabilities by OCID, CVE, and MS number

Example

C:\tools\officecat>officecat.exe Olimpikge.xls
Sourcefire OFFICE CAT v2
* Microsoft Office File Checker *

Processing Olimpikge.xls
VULNERABLE
        OCID: 51
        CVE-2008-3005
        MS08-043
        Type: Excel
        Malformed FORMAT record

Limitations

The vulnerability database is incomplete, as shown on the below example:

C:\tools\officecat>officecat.exe TestYourMind.ppt
Sourcefire OFFICE CAT v2
* Microsoft Office File Checker *

Processing TestYourMind.ppt
SAFE File.

Comments

Officecat

Contents

Description

Download

Usage

Syntax

Options

Example

Limitations

Comments

Share your opinion

Navigation menu

Officecat

Description

Download

Usage

Syntax

Options

Example

Limitations

Comments

Share your opinion

Navigation menu

Search