Object Linking & Embedding (OLE) is a proprietary technology developed by Microsoft that allows transferring data between different applications using drag and drop and clipboard operations. This can be used to execute code on the target but requires user interaction.
Drag and drop any Windows executable or native script (BAT, JScript, VBScript) in a Word document to completely embed the file within the document. User will need to double click on the OLE object to trigger the execution.
- Right Click on OLE object
- Packager Shell Object Object
- Change Icon
- Choose your icon
The following file types have been validated to work well to execute code:
- Bat + any of the Windows execution methods
- Windows Executable
Use deceptive techniques to trick the user to double-click on the OLE object and trigger execution.
HKCU\Software\Microsoft\Office\<Office Version>\<Office application>\Security\PackagerPrompt registry key controls Office OLE object execution.
||No prompt from Office when user clicks, object executes|
||Prompt from Office when user clicks, object executes|
||No prompt, object does not execute|