OfficeCat is a command line utility that can be used to process Microsoft Office Documents for the presence of potential exploit conditions in the file.
The tool is used on Windows systems and is provided as a binary executable.
- Feature requests
- Bug reports
If you use OfficeCat and can help with any of the above items, please send feature requests and bug reports to the Sourcefire VRT at firstname.lastname@example.org. All Postcards and beer can be sent to:
9780 Patuxent Woods Drive
Columbia, MD 21045 USA
If you have Malware to share, please contact the VRT at the above email address for instructions on how to get it to us.
Thanks for using OfficeCat.
- Unzip the archive
- Open a command shell
- Execute the tool executable with a document name for checking
Sample results for a vulnerable document are shown below:
C:\>officecat.exe ATest.doc Sourcefire OFFICE CAT v2 * Microsoft Office File Checker * Processing ATest.doc VULNERABLE OCID: 5 CVE-2006-6456 Type: Word
OfficeCat for Windows
Download (OfficeCat.zip) - 03 Nov, 2010
OfficeCat for Linux
Download (officecat-wine.tgz) - 03 Nov, 2010
The Linux build of Officecat, is built from our latest internal source tree against wine 0.9.9-0 ubuntu2.
There are some warnings generated by wine's implementation of StgOpenStorageEx during file process, but these do not hamper functionality. These warnings can be safely ignored.
The warnings are sent to STDOUT and look something akin to this:
fixme:storage:StgOpenStorageEx Stub: calling StgOpenStorage, but ignoring pStgOptions and grfAttrs