Office OLE

Object Linking & Embedding (OLE) is a proprietary technology developed by Microsoft that allows transferring data between different applications using drag and drop and clipboard operations. This can be used to execute code on the target but requires user interaction.


Drag and drop any Windows executable or native script (BAT, JScript, VBScript) in a Word document to completely embed the file within the document. User will need to double click on the OLE object to trigger the execution.


Change Icon
  1. Right Click on OLE object
  2. Packager Shell Object Object
  3. Convert
  4. Change Icon
  5. Browse
  6. Select C:\Windows\System32\imageres.dll
  7. Choose your icon



The following file types have been validated to work well to execute code:


Use deceptive techniques to trick the user to double-click on the OLE object and trigger execution.


Document**: 2019-Employee-Benefits-ole.doc**


The HKCU\Software\Microsoft\Office\<Office Version>\<Office application>\Security\PackagerPrompt registry key controls Office OLE object execution.

Key Value Description
0 No prompt from Office when user clicks, object executes
1 Prompt from Office when user clicks, object executes
2 No prompt, object does not execute

Note on <Office Version>:

<Office Version> Description
16.0 Office 2016
15.0 Office 2013
14.0 Office 2010
12.0 Office 2007