>rtfobj cve-2025-21298-poc.rtf -l debug
rtfobj 0.60.1 on Python 3.13.11 - http://decalage.info/python/oletools
THIS IS WORK IN PROGRESS - Check updates regularly!
Please report any issue at https://github.com/decalage2/oletools/issues
===============================================================================
File: 'cve-2025-21298-poc.rtf' - size: 221 bytes
---+----------+---------------------------------------------------------------
id |index |OLE Object
---+----------+---------------------------------------------------------------
DEBUG b'object' is a destination control word: starting a new destination at index 7h
DEBUG b'objclass' is a destination control word: starting a new destination at index 38h
DEBUG b'objdata' is a destination control word: starting a new destination at index 4Ah
DEBUG *** Start object data at index 52h
DEBUG *** Close object data at index D8h
DEBUG OLE version=00000501 - Format ID=00000002
DEBUG Class name=b'StaticDib' - Topic name='' - Item name=''
DEBUG Declared data size=4 - remaining size=26
DEBUG *** Not an OLE 1.0 Object
0 |00000052h |format_id: 2 (Embedded)
| |class name: b'StaticDib'
| |data size: 4
| |MD5 = 'f1d3ff8443297732862df21dc4e57262'
---+----------+---------------------------------------------------------------
references:
In the PoC RTF file, the OLE object has a class name
StaticDibbut no CLSID. Moreover, the object is not a well-formed OLE 1.0 object, and its data is only 4 bytes: