How to Detect Documents with OLE Embedded Links and Objects using JavaScript

Cloudmersive
2 min readJun 28, 2023

--

The object linking and embedding feature found in Office documents can be exploited by threat actors as a way to spread malware and viruses. Given how common Office documents are — and how innocuous embedded objects and links can appear in those documents — there’s a serious risk that downstream document viewers will access this content and trigger remote code execution.

Using the below JavaScript code, you can take advantage of a free-to-use API which automatically detects OLE content within a document, reporting its findings in the API response body (via the “ContainsOleEmbeddedObject” Boolean). This API simultaneously checks files for millions of virus and malware threats, providing 360-degree content protection in a single request.

To structure your API call, copy the below code and provide a free-tier Cloudmersive API key to authenticate your request:

var data = new FormData();
data.append("inputFile", fileInput.files[0], "file");

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function() {
if(this.readyState === 4) {
console.log(this.responseText);
}
});

xhr.open("POST", "https://api.cloudmersive.com/virus/scan/file/advanced");
xhr.setRequestHeader("allowExecutables", "<boolean>");
xhr.setRequestHeader("allowInvalidFiles", "<boolean>");
xhr.setRequestHeader("allowScripts", "<boolean>");
xhr.setRequestHeader("allowPasswordProtectedFiles", "<boolean>");
xhr.setRequestHeader("allowMacros", "<boolean>");
xhr.setRequestHeader("allowXmlExternalEntities", "<boolean>");
xhr.setRequestHeader("allowInsecureDeserialization", "<boolean>");
xhr.setRequestHeader("allowHtml", "<boolean>");
xhr.setRequestHeader("restrictFileTypes", "<string>");

xhr.setRequestHeader("Apikey", "YOUR-API-KEY-HERE");

xhr.send(data);

The API response will look something like this:

{
"CleanResult": true,
"ContainsExecutable": true,
"ContainsInvalidFile": true,
"ContainsScript": true,
"ContainsPasswordProtectedFile": true,
"ContainsRestrictedFileFormat": true,
"ContainsMacros": true,
"ContainsXmlExternalEntities": true,
"ContainsInsecureDeserialization": true,
"ContainsHtml": true,
"ContainsUnsafeArchive": true,
"ContainsOleEmbeddedObject": true,
"VerifiedFileFormat": "string",
"FoundViruses": [
{
"FileName": "string",
"VirusName": "string"
}
],
"ContentInformation": {
"ContainsJSON": true,
"ContainsXML": true,
"ContainsImage": true,
"RelevantSubfileName": "string"
}
}

Just like that, you’ll get excellent protection for your file uploads and downloads in a single API request.

--

--

Cloudmersive
Cloudmersive

Written by Cloudmersive

There’s an API for that. Cloudmersive is a leader in Highly Scalable Cloud APIs.

No responses yet