Microsoft Office – OLE Packager allows code execution in all Office versions, with macros disabled and high security templates applied

Posted by Kevin Beaumont on Jul 02

All,

OLE Packager is a feature introduced in Windows 3.1, which ran “up to”
Windows XP: https://en.wikipedia.org/wiki/Object_Linking_and_Embedding

It is still present in every version of Microsoft Office, on every Windows
OS.

It allows you to embed any file into Office documents. It is also very
dangerous and there is no way to disable it.

To test, open Word 2010/2013 and select Insert -> Object -> Create from
File, and drop…

007 Software