Hi There,
How Aspose.word or Aspose.excel detect this content in word or excel file? which seems to be vulnerable.
!Unexpected End of Formula
if you right click on above content and and select Toggle Field codes then you get this:
{DDEAUTO c:\windows\system32\cmd.exe “/k calc.exe”}
Thanks,
-Surendra
Thanks for your inquiry. Please ZIP and attach your input Word and Excel documents here for our reference. We will then provide you more information on this along with code.
Thanks for sharing the document. The FieldDdeAuto class implements the DDEAUTO field. You can read the DDEAUTO field using Aspose.Words. Please check the following code example. Hope this helps you.
Document document = new Document(MyDir + "DDEAUTO.docx");
foreach (Field field in document.Range.Fields)
{
if (field.Type == FieldType.FieldDDEAuto)
{
Console.WriteLine(field.GetFieldCode());
Console.WriteLine(field.Result);
}
}
Thanks for your response and solution but .Range is not recognized properties. We are using 15.5.0.0 version of Aspose.Words.dll.
We have another problem in excel file also as well. If you open that file…there is auto popup. how to detect that?
Thanks,
-Surendra
File is attached here.
ExcelRunCalc1.zip (6.1 KB)
Hi,
Its my bad, i was checking in Aspose.Pdf class. I found that Range class in Aspose.Word in the mean time can you please give me the solution of Excel file?
Thanks,
-Surendra
Thanks for considering Aspose APIs.
Please let us know the step by step instructions that you follow in Microsoft Excel to achieve this. It will help us look into this issue more closely and precisely and we will be able to provide you a sample code. Thanks for your cooperation in this regard and have a good day.
Hi There,
We are not allowed to upload excel document which has “=cmd|’ /C calc’!A0” text in any cell of excel file. This is considered as vulnerable
again here is the text in the xls file and how to detect that from Aspose.Cells ?
=cmd|’ /C calc’!A0
Thanks,
ExcelRunCalc1.zip (6.1 KB)
Thanks for using Aspose APIs.
There is something different in your Excel file. When I put the text
=cmd|’ /C calc’!A0
in cell A1, nothing happens. But when I open your Excel file i.e. ExcelRunCalc1.xlsx, I saw the text in cell A1 and it starts the application i.e. Calculator.
I want to know how do you create such an Excel file. Please let us know the steps to create it so that we look into this issue closely and log it in our database for a fix.
Open the Excel app
New (CTRL+N)
type this =cmd|' /c calc'!A0
Save it and make sure that you Enable the Content when you open.
file_png.PNG (26.1 KB)
Thanks,
Thanks for using Aspose APIs.
We were able to observe this issue and logged it in our database for investigation and for a fix. Once, the issue is resolved or we have some other news for you, we will update you asap.
This issue has been logged as
C#
Workbook wb = new Workbook("cmd.xlsx");
Worksheet ws = wb.Worksheets[0];
//Not found inside this collection
var o = wb.Worksheets.ExternalLinks;
Download Link:
Sample Excel File.zip (12.1 KB)
Screenshot:
Thanks for considering Aspose APIs.
Please use the Cell.Formula property and then check if the formula is DDE by yourself.
Thanks for your response…
Cell.Formula - need to visit each cell in entire sheet to validate that formula right?
Do you have any other solution? in sheet level or work book itself to find out that type of formula?
One more thing…how to detect macro in word document?
this is the code and “macrofile.docx” has macro
Aspose.Words.Document document = new Aspose.Words.Document(“macrofile.docx”);
bool macro = document.HasMacros;
the file has macro…but document.HasMacros properties is false.
this link Document.HasMacros | Aspose.Words for .NET says only for Aspose.Words (in Aspose.Words.dll) Version: 18.2. Is this correct? Downloaded 18.2.0.0 but still showing false.
Please advise. (we are using Aspose.Words version 17.8.0.0)
Thanks,
-Surendra
Thanks for considering Aspose.Cells APIs.
We will add DDE link in Workbook.Worksheets.ExternalLinks as mentioned in CELLSNET-45888.
For Aspose.Words questions, please use Aspose.Words forum.
Thanks for using Aspose APIs.
This is to inform you that we have fixed your issue CELLSNET-45888 now. We will soon provide the fix after performing QA and including other enhancements and fixes.
Thanks for using Aspose APIs.
Please download and try the following fix and let us know your feedback.
The issues you have found earlier (filed as CELLSNET-45888) have been fixed in this Aspose.Cells for .NET 18.2 update.
Please also check the following article:
its ridiculous the rest of the community can’t download things in this topic
Since you are not the owner of the thread, so you might not download the attachment. If you need to download Aspose.Cells version(s), you may download it from the Downloads section:
Let us know if we can be of any further help.