From 4760fba6bc2082d32ab05ba10131fa4f694730fa Mon Sep 17 00:00:00 2001
From: decalage2 <decalage@laposte.net>
Date: Fri, 3 Apr 2020 19:08:53 +0200
Subject: [PATCH] clsid: added CLSID for PDF files, fixes #552

---
 oletools/common/clsid.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/oletools/common/clsid.py b/oletools/common/clsid.py
index 4d12c579..54548d2d 100644
--- a/oletools/common/clsid.py
+++ b/oletools/common/clsid.py
@@ -12,7 +12,7 @@
 
 #=== LICENSE ==================================================================
 
-# oletools are copyright (c) 2018-2019 Philippe Lagadec (http://www.decalage.info)
+# oletools are copyright (c) 2018-2020 Philippe Lagadec (http://www.decalage.info)
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@@ -43,7 +43,7 @@
 # 2018-04-18       PL: - added known-bad CLSIDs from Cuckoo sandbox (issue #290)
 # 2018-05-08       PL: - added more CLSIDs (issues #299, #304), merged and sorted
 
-__version__ = '0.54'
+__version__ = '0.56'
 
 
 # REFERENCES:
@@ -157,6 +157,7 @@
     '996BF5E0-8044-4650-ADEB-0B013914E99C': 'MSCOMCTL.ListViewCtrl (may trigger CVE-2012-0158)',
     'A08A033D-1A75-4AB6-A166-EAD02F547959': 'otkloadr WRAssembly Object (can be used to bypass ASLR after triggering an exploit)',
     'B54F3741-5B07-11CF-A4B0-00AA004A55E8': 'vbscript.dll - VB Script Language (ProgID: VBS, VBScript)',
+    'B801CA65-A1FC-11D0-85AD-444553540000': 'Adobe Acrobat Document - PDF file',
     'BDD1F04B-858B-11D1-B16A-00C0F0283628': 'MSCOMCTL.ListViewCtrl (may trigger CVE-2012-0158)',
     'C08AFD90-F2A1-11D1-8455-00A0C91F3880': 'ShellBrowserWindow',
     'C62A69F0-16DC-11CE-9E98-00AA00574A4F': 'Forms.Form',