View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002096 | libextractor | plugins | public | 2012-01-21 17:57 | 2012-01-26 20:37 |
| Reporter | Christian Grothoff | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | new | Resolution | open | ||
| Product Version | Git master | ||||
| Summary | 0002096: extract user name from file protection records in MS office formats | ||||
| Description | Section 4.19 says something about a user name for write access in Excel documents (see attached file). This would be something useful to extract (as well as the rest of the access permission information). | ||||
| Tags | No tags attached. | ||||
| Attached Files | |||||
|
|
http://msdn.microsoft.com/en-us/library/cc313118.aspx |
|
|
Also of interest are the 2.3.3.2 OLE Property sets (in [MS-OSHARED].pdf in the zip file from the page linked above). We might be getting some of those already, couldn't hurt to double-check though. The following subsections (up to 2.3.3.2.3.2) are also interesting. 2.3.3.1.1 PropertySetSystemIdentifier might also give a bit of information (OS). |
|
|
I wonder if the applicationCIsid in the DocumentSummaryInfoStream (page 146 in the above-mentioned document) is really always all-zeros, or if there is a unique identifier for the Office installation in there. We should check... This page http://support.microsoft.com/kb/240794 would seem to give a way to find the CISID of locally installed apps. Given that bit pattern, we could then just check if a file created on the system contains the pattern at all (this might depend on the specific Office version, maybe only older versions used this?). |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-01-21 17:57 | Christian Grothoff | New Issue | |
| 2012-01-21 17:57 | Christian Grothoff | File Added: excelfileformat.pdf | |
| 2012-01-21 18:28 | Christian Grothoff | Note Added: 0005331 | |
| 2012-01-21 19:34 | Christian Grothoff | Note Added: 0005332 | |
| 2012-01-21 19:37 | Christian Grothoff | Note Edited: 0005332 | |
| 2012-01-21 19:39 | Christian Grothoff | Note Edited: 0005332 | |
| 2012-01-21 19:42 | Christian Grothoff | Note Added: 0005333 | |
| 2012-01-21 19:45 | Christian Grothoff | Note Edited: 0005333 | |
| 2012-01-26 20:37 | Christian Grothoff | Severity | block => feature |
