securityvulns SECURITYVULNS:DOC:5376
Nov 12, 2003 - 12:00 a.m.

Microsoft Security Bulletin MS03-050

vulners.com

Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)
Issued: November 11, 2003
Version: 1.0

Summary
Who should read this document: Customers who are using Microsoft® Excel or Microsoft Word

Impact of vulnerability: Run code of attacker's choice

Maximum Severity Rating: Important

Recommendation: Customers who are using the affected versions of Microsoft Excel or Microsoft Word should apply the appropriate security update at the earliest opportunity.

Security Update Replacement Excel: This patch replaces the security patches contained in the following bulletins: MS01-050, MS02-031 and MS02-059.

Security Update Replacement Word: This patch replaces the security patches contained in the following bulletins: MS02-021, MS02-031, MS02-059 and MS03-035.

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

Microsoft Excel 97 - Download the update
Microsoft Excel 2000 - Download the update
Microsoft Excel 2002 - Download the update
Microsoft Word 97 - Download the update
Microsoft Word 98(J) - Download the update
Microsoft Word 2000 and Microsoft Works Suite 2001 - Download the update
Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004 - Download the update
Non Affected Software:

Microsoft Office Word 2003
Microsoft Office Excel 2003
The software listed above has been tested to determine if the versions are affected. Other versions are no longer supported, and may or may not be affected.

Technical Details
Technical description:

A security vulnerability exists in Microsoft Excel that could allow malicious code execution. This vulnerability exists because of the method Excel uses to check the spreadsheet before reading the macro instructions. If successfully exploited, an attacker could craft a malicious file that could bypass the macro security model. If an affected spreadsheet was opened, this vulnerability could allow a malicious macro embedded in the file to be executed automatically, regardless of the level at which the macro security is set. The malicious macro could then take the same actions that the user had permissions to carry out, such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.

A security vulnerability exists in Microsoft Word that could allow malicious code execution. This vulnerability exists due to the way Word checks the length of a data value (Macro names) embedded in a document. If a specially crafted document were to be opened, it could overflow a data value in Word and allow arbitrary code to be executed. If successfully exploited, an attacker could then take the same actions as the user had permissions to carry out, such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.

Mitigating factors:

If a user of Office 97 or Office 2000 has installed the Office Documentation Open Confirm Tool, the user will always get a “file open” warning dialog box when trying to open an Office document using Internet Explorer. For Office XP and Office System 2003 this “file open” warning dialog box is enabled by default.
These vulnerabilities could only be exploited by an attacker who persuaded a user to open a malicious file – there is no way for an attacker to force a user to open a malicious file.
Severity Rating:

Microsoft Excel 97 Important
Microsoft Excel 2000 Important
Microsoft Excel 2002 Important
Microsoft Word 97 Important
Microsoft Word 98(J) Important
Microsoft Word 2000 Important
Microsoft Word 2002 Important
Microsoft Works Suite 2001 Important
Microsoft Works Suite 2002 Important
Microsoft Works Suite 2003 Important
Microsoft Works Suite 2004 Important

The above assessment is based on the types of systems affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.

Vulnerability identifier Word: CAN-2003-0820

Vulnerability identifier Excel: CAN-2003-0821

Workarounds
Due to the fact that this vulnerability bypasses the built-in macro security, the best workaround if you are unable to deploy the update is to not open documents from un-trusted sources.

Frequently Asked Questions
What is a macro?
Generally, the term macro refers to a small program that automates frequently-performed tasks in an operating system or in a program. For example, many members of the Office family of products support the use of macros. This allows companies to develop macros that perform as sophisticated productivity tools that run in Word, in Excel, or in other programs.

Like any computer program, macros can be misused. To combat this threat, Office has a security model that is designed to make sure that macros can only run when the user wants them to run.

What might an attacker use these vulnerabilities to do?
If successfully exploited, an attacker could cause code of their choice to run with additional privileges on the system. This could allow the attacker to add, delete or modify data on the system, or take any other action of the attacker’s choice.

Who could exploit these vulnerabilities?
Any user who could entice another user to open a specially-crafted document can attempt to exploit these vulnerabilities.

How could an attacker exploit these vulnerabilities?
An attacker could seek to exploit either of these vulnerabilities by creating a specially-crafted document that contains malicious code. The attacker could then send this to a user, typically through an e-mail message, and then persuade the user to open the file. An attacker could also host the specially-crafted document on a network share or on a Web site; however, the attacker would still need to persuade the user to open the document.

Microsoft Works Suite is listed as a vulnerable product – why?
Microsoft Works Suite includes Microsoft Word. Microsoft Works users should use Office Update at: http://www.office.microsoft.com/ProductUpdates/default.aspx to detect and to install the appropriate update.

CAN-2003-0821: Excel Macro Vulnerability

What’s the scope of the vulnerability in Microsoft Excel?
The Excel vulnerability could enable an attacker to create a spreadsheet that, when opened, could allow an XLM (Excel 4) macro to run regardless of the macro security level. Macros can take any action that the user can take, and as a result this vulnerability could allow an attacker to take actions such as changing data, communicating with Web sites, reformatting the hard disk, or changing the security settings in the application.

What causes the vulnerability in Microsoft Excel?
This vulnerability exists because of the method Excel uses to check the spreadsheet before reading the macro instructions. As a result the user will not be prompted with a macro security warning even when macros are present in the file.

What's wrong with the way Excel handles macro security?
Because of the way Excel reads and assesses macro security when a file is opened, under certain circumstances, macro security checks could be bypassed.

What does the update for Microsoft Excel do?
The update addresses the vulnerability by modifying the way that Excel performs macro security checks before opening a file.

CAN-2003-0820: Word Buffer Overrun Vulnerability

What’s the scope of the vulnerability in Microsoft Word?
The Word buffer overrun vulnerability could enable an attacker to create a Word document containing a Macro that, if successfully exploited, could allow an attacker to then take the same actions as the user had permissions to carry out, such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.

What causes the vulnerability in Microsoft Word?
The vulnerability is the result of the way Word validates the length of a data value (Macro names) embedded in a document. If successfully exploited, an attacker could then take the same actions as the user had permissions to carry out, such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.

What's wrong with the way Word handles input buffers?
Because of the way Word validates the length of an input buffer, under certain circumstances, this validation could lead to a buffer overrun.

What does the update for Microsoft Word do?
The update corrects the buffer overrun by properly validating the input buffer before opening a file.

Security Update Information
For information about the specific security update for your platform, click the appropriate link:

For Microsoft Works Suite 2001 use the Word 2000 section
For Microsoft Works Suite 2002, 2003 and 2004 update use the Word 2002 section

Microsoft Excel 97
Prerequisites Client Update

This security update requires Office 97 Service Release 2

Inclusion in future service packs:

This update will be included in any future service packs for Office 97

Installation Information for the Client Update:

This security update supports the following Setup switches:

These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.

/q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/q:u Specifies user-quiet mode, which presents some dialog boxes to the user.

/q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/t:path Specifies the target folder for extracting files.

/c Extracts the files without installing them. If /t:path is not specified, you are prompted for a target folder.

/c:path Specifies the path and name of the Setup .inf or .exe file.

/r:n Never restarts the computer after installation.

/r:I Prompts the user to restart the computer if a restart is required, except when used with /q:a.

/r:a Always restarts the computer after installation.

/r:s Restarts the computer after installation without prompting the user.

/n:v No version checking - Install the program over any previous version.

Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

For more information, see the Internet Explorer Administration Kit (IEAK).

Deployment Information

Download the Excel 97 Security Update
Click Save to save the Office97-KB830356-ENU.exe file to the selected folder.
In Windows Explorer, double-click Office97-KB830356-ENU.exe.
If you are prompted to install the update, click Yes.
Click Yes to accept the License Agreement.
Insert your Office 97 CD-ROM when you are prompted to do so, and then click OK.
When you receive a message that indicates the installation was successful, click OK.
Note: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office 97, and then install it again from the original CD-ROM.

Restart Requirement

No Restart required.

Removal Information

This security update can not be uninstalled

File Information

The English version of this update has the file attributes (or later) that are listed in the following table.

File name Size Date File Version
Excel.exe 5,621,248 10/26/2003 8.0.1.9904
Scanload.dll 36,864 10/26/2003 8.2.0.9904

Verifying Update Installation

To determine the version of Excel that is installed on your computer, follow these steps.

Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Click Start, and then click Search.
In the Search Results pane, click All files and folders under Search Companion.
In the All or part of the file name box, type Excel.exe, and then click Search.
In the list of files, right-click Excel.exe, and then click Properties.
On the Version tab, determine the version of Excel that is installed on your computer.
Note: If the Excel 97 Security Update: KB830356 is already installed on your computer, you receive the following error message when you try to install the Excel 97 Security Update: KB830356:

This update has already been applied or is included in an update that has already been applied.

The update contains updated versions of the following files:

File name Size Date File Version
Excel.exe 5,621,248 10/26/2003 8.00.01.9904

Microsoft Excel 2000
Prerequisites Client Update

Important: Before you install this update, make sure that the following requirements have been met:

Microsoft Windows Installer 2.0
Before you install this update, you must install Windows Installer 2.0 or later. For additional information about this requirement, see the "Windows Installer Update Requirements" section of this bulletin.
Office 2000 Service Pack 3 (SP-3)
Before you install this update, install Office 2000 SP-3. For additional information about how to install Office 2000 Service Pack 3, click the following article number to view the article in the Microsoft Knowledge Base:
326585 OFF2000: Overview of Office 2000 Service Pack 3
Inclusion in future service packs:

This update will be included in any future service packs for Office 2000

Installation Information client:

This security update supports the following Setup switches:

These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.

/q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/q:u Specifies user-quiet mode, which presents some dialog boxes to the user.

/q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/t:path Specifies the target folder for extracting files.

/c Extracts the files without installing them. If /t:path is not specified, you are prompted for a target folder.

/c:path Specifies the path and name of the Setup .inf or .exe file.

/r:n Never restarts the computer after installation.

/r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a.

/r:a Always restarts the computer after installation.

/r:s Restarts the computer after installation without prompting the user.

/n:v No version checking - Install the program over any previous version.

Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

For more information, see the Internet Explorer Administration Kit (IEAK).

If you installed your Office 2000 product from a CD-ROM, you have the following two options:

Use the Office Product Updates Web site to automatically install all the latest updates that include all available service packs and public updates.

-or-
Install only the Microsoft Excel 2000 Security Update: KB830349 by following the steps described later in this bulletin.

Note: Microsoft recommends that you install the client update by using the Office Product Updates Web site. The Office Product Updates Web site detects your particular installation of Microsoft Office and prompts you to install exactly what you must have to make sure that your Office installation is completely up-to-date.

Office Product Updates Web Site

To have the Office Product Updates Web site detect the required updates that you must install on your computer, visit the following Microsoft Web site:

http://office.microsoft.com/ProductUpdates/default.aspx

After detection is complete, you receive a list of recommended updates for your approval. Click Start Installation to complete the process.

Deployment Information client install

Download the client version of the Excel 2000 Security Update
Click Save to save the Office2000-kb830349-client-enu.exe file to the selected folder.
In Windows Explorer, double-click Office2000-kb830349-client-enu.exe.
If you are prompted to install the update, click Yes.
Click Yes to accept the License Agreement.
Insert your Office 2000 CD-ROM when you are prompted to do so, and then click OK.
When you receive a message that indicates the installation was successful, click OK.
Note: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office 2000, and then install it again from the original CD-ROM.

Restart Requirement

No Restart required.

Removal Information

This security update can not be uninstalled

File Information

The English version of this update has the file attributes (or later) that are listed in the following table.

File Name Size Date Version
excel.exe 6,997 KB 10/17/2003 9.0.08216

Verifying Update Installation

To determine the version of Excel that is installed on your computer, follow these steps.

Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Click Start, and then click Search.
In the Search Results pane, click All files and folders under Search Companion.
In the All or part of the file name box, type Excel.exe, and then click Search.
In the list of files, right-click Excel.exe, and then click Properties.
On the Version tab, determine the version of Excel that is installed on your computer.
The update contains one of the updated versions of the following files:

File Name Size Date File Version
excel.exe 6,997 KB 10/17/2003 9.0.08216

Installation Information Administrative Update

Prerequisites Administrative Update

Windows Installer Update Requirements

To install the update that is described in this bulletin requires Windows Installer 2.0 or later. Both Microsoft Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites.

Windows Installer for Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Me):

http://www.microsoft.com/downloads/release.asp?releaseid=32831

Windows Installer for Microsoft Windows NT 4.0 and Windows 2000:

http://www.microsoft.com/downloads/release.asp?releaseid=32832

Inclusion in future service packs:

This update will be included in any future service packs for Office 2000

Deployment Information Administrative Install

If you installed your Office 2000 product from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Download the administrative version of the Excel 2000 Security update
If you are the server administrator, after you click the link to download the administrative update follow these steps:

Click Save to save the Office2000-kb830349-fullfile-enu.exe file to the selected folder.
In Windows Explorer, double-click Office2000-kb830349-fullfile-enu.exe.
If you are prompted to install the update, click Yes.
Click Yes to accept the License Agreement.
In the Type the location where you want to place the extracted files box, type c:\kb830349, and then click OK.
Click Yes when you are prompted to create the folder.
If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box
msiexec /a Admin Path\MSI File /p C:\kb830349\MSP File SHORTFILENAMES=TRUE

where Admin Path is the path to your administrative installation point for Office 2000 (for example, C:\Office2000), MSI File is the .msi database package for the Office 2000 product (for example, Data1.msi), and MSP File is the name of the administrative update (for example, EXCELff.msp).

Note: You can append /qb+ to the command line so that the Office 2000 Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box
msiexec /i Admin Path\MSI File REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path to your administrative installation point for Office 2000 (for example, C:\Office2000), MSI File is the MSI database package for the Office 2000 product (for example, Data1.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL , or you can install the following feature:

EXCELFiles

For additional information about how to update your administrative installation and deploy to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:

304165 OFF2000: How to Install a Public Update to an Administrative Installation

This bulletin contains standard instructions for installing an administrative public update. You can also see the following article in the Microsoft Office Resource Kit:

http://www.microsoft.com/office/ork/2003/admin/97_2000/exc0904a.htm

Restart Requirement

No Restart required.

Removal Information

This security update can not be uninstalled

File Information

The English version of this update has the file attributes (or later) that are listed in the following table.

File Name Size Date File Version
excel.exe 6,997 10/17/2003 9.0.0.8216

Verifying Update Installation

To determine the version of Excel that is installed on your computer, follow these steps.

Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Click Start, and then click Search.
In the Search Results pane, click All files and folders under Search Companion.
In the All or part of the file name box, type Excel.exe, and then click Search.
In the list of files, right-click Excel.exe, and then click Properties.
On the Version tab, determine the version of Excel that is installed on your computer.
For additional information about how to determine the version of Excel 2000 on your computer, click the following article number to view the article in the Microsoft Knowledge Base:

255275 OFF2000: How to Determine the Version of Your Office Program

Note: If the Excel 2000 Security Update: KB830349 is already installed on your computer, you receive the following error message when you try to install the Excel 2000 Security Update: KB830349:

This update has already been applied or is included in an update that has already been applied.

The update contains updated versions of the following files:

File Name Size Date File Version
excel.exe 6,997 10/17/2003 9.0.0.8216

Microsoft Excel 2002
Prerequisites Client Update

Important: Before you install this update, make sure that the following requirements have been met:

Microsoft Windows Installer 2.0
Before you install this update, you must install Windows Installer 2.0 or later. For additional information about this requirement, see the "Windows Installer Update Requirements" section of this bulletin.
Office XP Service Pack 2 (SP-2)
Before you install this update, install Office XP SP-2. For additional information about how to install Office XP Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:
325671 OFFXP: Overview of the Office XP Service Pack 2

Inclusion in future service packs:

This update will be included in any future service packs for Office XP

Installation Information client:

This security update supports the following Setup switches:

These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.

/q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/q:u Specifies user-quiet mode, which presents some dialog boxes to the user.

/q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/t:path Specifies the target folder for extracting files.

/c Extracts the files without installing them. If /t:path is not specified, you are prompted for a target folder.

/c:path Specifies the path and name of the Setup .inf or .exe file.

/r:n Never restarts the computer after installation.

/r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a.

/r:a Always restarts the computer after installation.

/r:s Restarts the computer after installation without prompting the user.

/n:v No version checking - Install the program over any previous version.

Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

For more information, see the Internet Explorer Administration Kit (IEAK).

If you installed your Office 2000 product from a CD-ROM, you have the following two options:

Use the Office Product Updates Web site to automatically install all the latest updates that include all available service packs and public updates.

-or-
Install only the Microsoft Excel 2000 Security Update: KB830349 by following the steps described later in this bulletin.

Note: Microsoft recommends that you install the client update by using the Office Product Updates Web site. The Office Product Updates Web site detects your particular installation of Microsoft Office and prompts you to install exactly what you must have to make sure that your Office installation is completely up-to-date.

Office Product Updates Web Site

To have the Office Product Updates Web site detect the required updates that you must install on your computer, visit the following Microsoft Web site:

http://office.microsoft.com/ProductUpdates/default.aspx

After detection is complete, you receive a list of recommended updates for your approval. Click Start Installation to complete the process.

Deployment Information

Download the client version of the Excel 2002 Security Update
Click Save to save the Officexp-kb830350-client-enu.exe file to the selected folder.
In Windows Explorer, double-click Officexp-kb830350-client-enu.exe.
If you are prompted to install the update, click Yes.
Click Yes to accept the License Agreement.
Insert your Office XP CD-ROM when you are prompted to do so, and then click OK.
When you receive a message that indicates the installation was successful, click OK.
Note: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office XP, and then install it again from the original CD-ROM.

Restart Requirement

No Restart required.

Removal Information

This security update can not be uninstalled

File Information

The English version of this update has the file attributes (or later) that are listed in the following table.

File Name Size Date File Version
excel.exe 8,967 KB 10/16/03 10.0.5815.0

Verifying Update Installation

To determine the version of Excel that is installed on your computer, follow these steps.

Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Click Start, and then click Search.
In the Search Results pane, click All files and folders under Search Companion.
In the All or part of the file name box, type Excel.exe, and then click Search.
In the list of files, right-click Excel.exe, and then click Properties.
On the Version tab, determine the version of Excel that is installed on your computer.
The update contains an updated version of the following file:

File Name Size Date File Version
excel.exe 8,967 KB 10/16/03 10.0.5815.0

Installation Information Administrative install

Prerequisites Administrative install

Windows Installer Update Requirements

To install the update that is described in this bulletin requires Windows Installer 2.0 or later. Both Microsoft Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites.

Windows Installer for Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Me):

http://www.microsoft.com/downloads/release.asp?releaseid=32831

Windows Installer for Microsoft Windows NT 4.0 and Windows 2000:

http://www.microsoft.com/downloads/release.asp?releaseid=32832

Inclusion in future service packs:

This update will be included in any future service packs for Office XP

Installation Information for the Administrative Update

If you installed your Office XP product from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Download the administrative version of the Excel 2002 Security Update
If you are the server administrator, after you click the link to download the administrative update follow these steps:

Click Save to save the Officexp-kb830350-fullfile-enu.exe file to the selected folder.
In Windows Explorer, double-click Officexp-kb830350-fullfile-enu.exe.
If you are prompted to install the update, click Yes.
Click Yes to accept the License Agreement.
In the Type the location where you want to place the extracted files box, type c:\KB830350, and then click OK.
Click Yes when you are prompted to create the folder.
If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box
msiexec /a Admin Path\MSI File /p C:\KB830350\MSP File SHORTFILENAMES=TRUE

where Admin Path is the path to your administrative installation point for Office XP (for example, C:\OfficeXP), MSI File is the .msi database package for the Office XP product (for example, Data1.msi), and MSP File is the name of the administrative update (for example, EXCELff.msp).

Note: You can append /qb+ to the command line so that the Office XP Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box

msiexec /i Admin Path\MSI File REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path to your administrative installation point for Office XP (for example, C:\OfficeXP), MSI File is the MSI database package for the Office XP product (for example, Data1.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL, or you can install the following feature(s):

EXCELFiles, WORDNonBootFiles

For additional information about how to update your administrative installation and deploy to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:

301348 OFFXP: How to Install a Public Update to an Administrative Installation

Restart Requirement

No Restart required.

Removal Information

This security update can not be uninstalled

File Information

The English version of this update has the file attributes (or later) that are listed in the following table.

File Name Size Date File Version
excel.exe 8,967 KB 10/16/03 10.0.5815.0

Verifying Update Installation

To determine the version of Excel that is installed on your computer, follow these steps.

Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Click Start, and then click Search.
In the Search Results pane, click All files and folders under Search Companion.
In the All or part of the file name box, type Excel.exe, and then click Search.
In the list of files, right-click Excel.exe, and then click Properties.
On the Version tab, determine the version of Excel that is installed on your computer.
For additional information about how to determine the version of Excel 2002 on your computer, click the following article number to view the article in the Microsoft Knowledge Base:

291331 HOW TO: Check the Version of Office XP

Note: If the Excel 2002 Security Update: KB830350 is already installed on your computer, you receive the following error message when you try to install the Excel 2002 Security Update: KB830350:

This update has already been applied or is included in an update that has already been applied.

The update contains an updated version of the following file:

File Name Size Date File Version
excel.exe 8,967 KB 10/16/03 10.0.5815.0

Microsoft Word 97
Prerequisites Client Update

This security update requires Office 97 Service Release 2

Inclusion in future service packs:

This update will be included in any future service packs for Office 97

Installation Information for the Client Update:

This security update supports the following Setup switches:

These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.

/q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/q:u Specifies user-quiet mode, which presents some dialog boxes to the user.

/q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/t:path Specifies the target folder for extracting files.

/c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.

/c:path Specifies the path and name of the Setup .inf or .exe file.

/r:n Never restarts the computer after installation.

/r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a.

/r:a Always restarts the computer after installation.

/r:s Restarts the computer after installation without prompting the user.

/n:v No version checking - Install the program over any previous version.

Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

For more information, see the Internet Explorer Administration Kit (IEAK).

Deployment Information

Download the Word 97 Security Update
Click Save to save the Office97-KB830354-ENU.exe file to the selected folder.
In Windows Explorer, double-click Office97-KB830354-ENU.exe.
If you are prompted to install the update, click Yes.
Click Yes to accept the License Agreement.
Insert your Office 97 CD-ROM when you are prompted to do so, and then click OK.
When you receive a message that indicates the installation was successful, click OK.
Note: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office 97, and then install it again from the original CD-ROM.

Restart Requirement

No Restart required.

Removal Information

This security update cannot be uninstalled.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table.

File Name Size Date File Version
Word.exe 5,212 KB 10/15/2003 8.0.0.9315
wwintl32.dll 1,132 KB 10/15/2003 8.0.0.9315

Verifying Update Installation

To determine the version of Word that is installed on your computer, follow these steps.

Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Click Start, and then click Search.
In the Search Results pane, click All files and folders under Search Companion.
In the All or part of the file name box, type Excel.exe, and then click Search.
In the list of files, right-click Word.exe, and then click Properties.
On the Version tab, determine the version of Word that is installed on your computer.
The update contains updated versions of the following files:

File Name Size Date File Version
winword.exe 8,826,932 10/20/2003 9.0.0.8216

Note: If the Word 97 Security Update: KB830354 is already installed on your computer, you receive the following error message when you try to install the Word 97 Security Update: KB830354:

This update has already been applied or is included in an update that has already been applied.

Microsoft Word 98(J)
Prerequisites Client Update

This security update requires Office 97 Service Release 2

Inclusion in future service packs:

This update will be included in any future service packs for Office 97

Installation Information for the Client Update:

This security update supports the following Setup switches:

These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.

/q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/q:u Specifies user-quiet mode, which presents some dialog boxes to the user.

/q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/t:path Specifies the target folder for extracting files.

/c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.

/c:path Specifies the path and name of the Setup .inf or .exe file.

/r:n Never restarts the computer after installation.

/r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a.

/r:a Always restarts the computer after installation.

/r:s Restarts the computer after installation without prompting the user.

/n:v No version checking - Install the program over any previous version.

Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

For more information, see the Internet Explorer Administration Kit (IEAK).

Deployment Information

Download the Word 98 Security Update
Click Save to save the Office98-KB830357-JPN.exe file to the selected folder.
In Windows Explorer, double-click Office98-KB830357-JPN.exe.
If you are prompted to install the update, click Yes.
Click Yes to accept the License Agreement.
Insert your Office 98 CD-ROM when you are prompted to do so, and then click OK.
When you receive a message that indicates the installation was successful, click OK.
Note: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office 98, and then install it again from the original CD-ROM.

Restart Requirement

No Restart required.

Removal Information

This security update cannot be uninstalled.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table.

File Name Size Date File Version
wwintl32.dll 2,313 KB 10/16/2003
WinWord.exe 5,499 KB 10/16/2003 8.0.0.9716

Verifying Update Installation

To determine the version of Word that is installed on your computer, follow these steps.

Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Click Start, and then click Search.
In the Search Results pane, click All files and folders under Search Companion.
In the All or part of the file name box, type Winword.exe, and then click Search.
In the list of files, right-click Winword.exe, and then click Properties.
On the Version tab, determine the version of Word that is installed on your computer.
Note: If the Word 98 Security Update: KB830357 is already installed on your computer, you receive the following error message when you try to install the Word 98 Security Update: KB830357:

This update has already been applied or is included in an update that has already been applied.

The update contains updated versions of the following files:

File Name Size Date File Version
WinWord.exe 5,499 KB 10/16/2003 8.0.0.9716

Microsoft Word 2000
Prerequisites Client Update

Important Before you install this update, make sure that the following requirements have been met:

Microsoft Windows Installer 2.0
Before you install this update, you must install Windows Installer 2.0 or later. For additional information about this requirement, see the "Windows Installer Update Requirements" section of this bulletin.
Office 2000 Service Pack 3 (SP-3)
Before you install this update, install Office 2000 SP-3. For additional information about how to install Office 2000 Service Pack 3, click the following article number to view the article in the Microsoft Knowledge Base:
326585 OFF2000: Overview of Office 2000 Service Pack 3

Inclusion in future service packs:

This update will be included in any future service packs for Office 2000

Installation Information client:

This security update supports the following Setup switches:

These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.

/q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/q:u Specifies user-quiet mode, which presents some dialog boxes to the user.

/q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/t:path Specifies the target folder for extracting files.

/c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.

/c:path Specifies the path and name of the Setup .inf or .exe file.

/r:n Never restarts the computer after installation.

/r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a.

/r:a Always restarts the computer after installation.

/r:s Restarts the computer after installation without prompting the user.

/n:v No version checking - Install the program over any previous version.

Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

For more information, see the Internet Explorer Administration Kit (IEAK).

If you installed your Office 2000 product from a CD-ROM, you have the following two options:

Use the Office Product Updates Web site to automatically install all the latest updates that include all available service packs and public updates.
-or-

Install only the Microsoft Word 2000 Security Update: KB830347 by following the steps described later in this bulletin.
Note: Microsoft recommends that you install the client update by using the Office Product Updates Web site. The Office Product Updates Web site detects your particular installation of Microsoft Office and prompts you to install exactly what you must have to make sure that your Office installation is completely up-to-date.

Office Product Updates Web Site

To have the Office Product Updates Web site detect the required updates that you must install on your computer, visit the following Microsoft Web site:

http://office.microsoft.com/ProductUpdates/default.aspx

After detection is complete, you receive a list of recommended updates for your approval. Click Start Installation to complete the process.

Deployment Information

Download the client version of the Word 2000 Security Update
Click Save to save the Office2000-kb830347-client-enu.exe file to the selected folder.
In Windows Explorer, double-click Office2000-kb830347-client-enu.exe.
If you are prompted to install the update, click Yes.
Click Yes to accept the License Agreement.
Insert your Office 2000 CD-ROM when you are prompted to do so, and then click OK.
When you receive a message that indicates the installation was successful, click OK.
Note: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office 2000, and then install it again from the original CD-ROM.

Restart Requirement

No Restart required.

Removal Information

This security update cannot be uninstalled.

How to Determine Whether the Update Is Installed

To determine the version of Word that is installed on your computer, follow these steps.

Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Click Start, and then click Search.
In the Search Results pane, click All files and folders under Search Companion.
In the All or part of the file name box, type Winword.exe, and then click Search.
In the list of files, right-click Winword.exe, and then click Properties.
On the Version tab, determine the version of Word that is installed on your computer.
The English version of this update contains the following files:

File Name Size Date File Version
winword.exe 8,826,932 10/20/2003 9.0.0.8216

Installation Information Administrative Update

Prerequisites Administrative Update

Windows Installer Update Requirements

To install the update that is described in this bulletin requires Windows Installer 2.0 or later. Both Microsoft Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites.

Windows Installer for Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Me):

http://www.microsoft.com/downloads/release.asp?releaseid=32831

Windows Installer for Microsoft Windows NT 4.0 and Windows 2000:

http://www.microsoft.com/downloads/release.asp?releaseid=32832

Inclusion in future service packs:

This update will be included in any future service packs for Office 2000

Installation Information for the Administrative Update

If you installed your Office 2000 product from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Download the administrative version of the Word 2000 Security Update
Click Save to save the office2000-kb830347-fullfile-enu.exe file to the selected folder.
In Windows Explorer, double-click office2000-kb830347-fullfile-enu.exe.
If you are prompted to install the update, click Yes.
Click Yes to accept the License Agreement.
In the Type the location where you want to place the extracted files box, type c:\kb830347, and then click OK.
Click Yes when you are prompted to create the folder.
If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box:

msiexec /a Admin Path\MSI File /p C:\kb830347\MSP File SHORTFILENAMES=TRUE

where Admin Path is the path to your administrative installation point for Office 2000 (for example, C:\Office2000), MSI File is the .msi database package for the Office 2000 product (for example, Data1.msi), and MSP File is the name of the administrative update (for example, WINWORDff.msp).

Note: You can append /qb+ to the command line so that the Office 2000 Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:

msiexec /i Admin Path\MSI File REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path to your administrative installation point for Office 2000 (for example, C:\Office2000), MSI File is the MSI database package for the Office 2000 product (for example, Data1.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL, or you can install the following feature(s):

WORDFiles

For additional information about how to update your administrative installation and deploy to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:

304165 OFF2000: How to Install a Public Update to an Administrative Installation

Restart Requirement

No Restart required.

Removal Information

This security update cannot be uninstalled.

File Information

The English version of this update contains the following files:

File Name Size Date File Version
winword.exe 8,826,932 10/20/2003 9.0.0.8216

To determine the version of Word that is installed on your computer, follow these steps.

Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Click Start, and then click Search.
In the Search Results pane, click All files and folders under Search Companion.
In the All or part of the file name box, type Winword.exe, and then click Search.
In the list of files, right-click Winword.exe, and then click Properties.
On the Version tab, determine the version of Word that is installed on your computer.
For additional information about how to determine the version of Word 2000 on your computer, click the following article number to view the article in the Microsoft Knowledge Base:

255275 OFF2000: How to Determine the Version of Your Office Program

Note: If the Word 2000 Security Update: KB830347 is already installed on your computer, you receive the following error message when you try to install the Word 2000 Security Update: KB830347:

This update has already been applied or is included in an update that has already been applied.

The update contains updated versions of the following files:

File Name Size Date File Version
winword.exe 8,826,932 10/20/2003 9.0.0.8216

Microsoft Word 2002
Prerequisites Client Update

Important Before you install this update, make sure that the following requirements have been met:

Microsoft Windows Installer 2.0
Before you install this update, you must install Windows Installer 2.0 or later. For additional information about this requirement, see the "Windows Installer Update Requirements" section of this bulletin.
Office XP Service Pack 2 (SP-2)
Before you install this update, install Office XP SP-2. For additional information about how to install Office XP Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:
325671 OFFXP: Overview of the Office XP Service Pack 2

Inclusion in future service packs:

This update will be included in any future service packs for Office XP

Installation Information Client:

This security update supports the following Setup switches:

These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.

/q Specifies quiet mode, or suppresses prompts, when files are being extracted.

/q:u Specifies user-quiet mode, which presents some dialog boxes to the user.

/q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.

/t:path Specifies the target folder for extracting files.

/c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.

/c:path Specifies the path and name of the Setup .inf or .exe file.

/r:n Never restarts the computer after installation.

/r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a.

/r:a Always restarts the computer after installation.

/r:s Restarts the computer after installation without prompting the user.

/n:v No version checking - Install the program over any previous version.

Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.

For more information, see the Internet Explorer Administration Kit (IEAK).

If you installed Word from a CD-ROM, you have the following two options:

Use the Office Product Updates Web site to automatically install all the latest updates that include all available service packs and public updates.
-or-

Install only the Microsoft Word 2002 Security Update: KB830346 by following the steps described later in this bulletin.
Note: Microsoft recommends that you install the client update by using the Office Product Updates Web site. The Office Product Updates Web site detects your particular installation of Microsoft Office and prompts you to install exactly what you must have to make sure that your Office installation is completely up-to-date.

Office Product Updates Web Site

To have the Office Product Updates Web site detect the required updates that you must install on your computer, visit the following Microsoft Web site:

http://office.microsoft.com/ProductUpdates/default.aspx

After detection is complete, you receive a list of recommended updates for your approval. Click Start Installation to complete the process.

Deployment Information

Download the client version of the Word 2002 Security Update
Click Save to save the officexp-kb830346-client-enu.exe file to the selected folder.
In Windows Explorer, double-click officexp-kb830346-client-enu.exe.
If you are prompted to install the update, click Yes.
Click Yes to accept the License Agreement.
Insert your Office XP CD-ROM when you are prompted to do so, and then click OK.
When you receive a message that indicates the installation was successful, click OK.
Note: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office XP, and then install it again from the original CD-ROM.

Restart Requirement

No Restart required.

Removal Information

This security update cannot be uninstalled.

How to Determine Whether the Update Is Installed

To determine the version of Word that is installed on your computer, follow these steps.

Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Click Start, and then click Search.
In the Search Results pane, click All files and folders under Search Companion.
In the All or part of the file name box, type Winword.exe, and then click Search.
In the list of files, right-click Winword.exe, and then click Properties.
On the Version tab, determine the version of Word that is installed on your computer.
The English version of the update contains the following files:

File Name Size Date File Version
winword.exe 10,355 KB 10/16/03 10.0.5815.0

Installation Information Administrative Update

Prerequisites Administrative Update

Windows Installer Update Requirements

To install the update that is described in this bulletin requires Windows Installer 2.0 or later. Both Microsoft Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites.

Windows Installer for Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Me):

http://www.microsoft.com/downloads/release.asp?releaseid=32831

Windows Installer for Microsoft Windows NT 4.0 and Windows 2000:

http://www.microsoft.com/downloads/release.asp?releaseid=32832

Inclusion in future service packs:

This update will be included in any future service packs for Office XP

Installation Information for the Administrative Update

If you installed your Office XP product from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

Download the administrative version of the Word 2002 Security Update
Click Save to save the officexp-kb830346-fullfile-enu.exe file to the selected folder.
In Windows Explorer, double-click officexp-kb830346-fullfile-enu.exe.
If you are prompted to install the update, click Yes.
Click Yes to accept the License Agreement.
In the Type the location where you want to place the extracted files box, type c:\kb830346, and then click OK.
Click Yes when you are prompted to create the folder.
If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box:

msiexec /a Admin Path\MSI File /p C:\kb830346\MSP File SHORTFILENAMES=TRUE

where Admin Path is the path to your administrative installation point for Office XP (for example, C:\OfficeXP), MSI File is the .msi database package for the Office XP product (for example, Data1.msi), and MSP File is the name of the administrative update (for example, WINWORDff.msp).

Note: You can append /qb+ to the command line so that the Office XP Administrative Installation dialog box and the End User License Agreement dialog box do not appear.

Deployment Information

To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:

msiexec /i Admin Path\MSI File REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path to your administrative installation point for Office XP (for example, C:\OfficeXP), MSI File is the MSI database package for the Office XP product (for example, Data1.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL, or you can install the following feature(s):

WORDFiles

For additional information about how to update your administrative installation and deploy to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:

301348 OFFXP: How to Install a Public Update to an Administrative Installation

Restart Requirement

No Restart required.

Removal Information

This security update cannot be uninstalled.

File Information

The English version of this update has the file attributes (or later) that are listed in the following table.

File Name Size Date File Version
winword.exe 10,355 KB 10/16/2003 10.0.5815.0

To determine the version of Word that is installed on your computer, follow these steps.

Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Click Start, and then click Search.
In the Search Results pane, click All files and folders under Search Companion.
In the All or part of the file name box, type Winword.exe, and then click Search.
In the list of files, right-click Winword.exe, and then click Properties.
On the Version tab, determine the version of Word that is installed on your computer.
For additional information about how to determine the version of Word 2002 on your computer, click the following article number to view the article in the Microsoft Knowledge Base:

291331 HOW TO: Check the Version of Office XP

Note: If the Word 2002 Security Update: KB830346 is already installed on your computer, you receive the following error message when you try to install Word 2002 Security Update: KB830346:

This update has already been applied or is included in an update that has already been applied.

The English version of the update contains the following file:

File Name Size Date File Version
winword.exe 10,355 KB 10/16/2003 10.0.5815.0
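
The Version tab check in the verification steps above can be scripted when many copies of these files have to be audited. The following Python is an added example, not part of the Microsoft bulletin: it reads the binary file version from a file's VS_FIXEDFILEINFO structure by scanning for the structure's signature (a heuristic that avoids a full PE resource parser) and compares it with the versions in the File Information tables above. The function names, status strings and sample bytes are constructed for illustration.

```python
import struct

FFI_SIGNATURE = 0xFEEF04BD       # VS_FIXEDFILEINFO.dwSignature
FFI_STRUC_VERSION = 0x00010000   # VS_FIXEDFILEINFO.dwStrucVersion
FFI_FORMAT = "<13I"              # the structure is 13 little-endian DWORDs
FFI_SIZE = struct.calcsize(FFI_FORMAT)

# File versions copied from the File Information tables in this part of the
# bulletin. Keys are (product, lower-cased file name); a file at this version
# "or later" carries the update.
FIXED_VERSIONS = {
    ("Excel 2002", "excel.exe"): (10, 0, 5815, 0),
    ("Word 97", "word.exe"): (8, 0, 0, 9315),
    ("Word 97", "wwintl32.dll"): (8, 0, 0, 9315),
    ("Word 98(J)", "winword.exe"): (8, 0, 0, 9716),
    ("Word 2000", "winword.exe"): (9, 0, 0, 8216),
    ("Word 2002", "winword.exe"): (10, 0, 5815, 0),
}


def read_file_version(image):
    """Return (major, minor, build, revision) from the first plausible
    VS_FIXEDFILEINFO found in the file bytes, or None if there is none."""
    needle = struct.pack("<I", FFI_SIGNATURE)
    pos = image.find(needle)
    while pos != -1:
        if pos + FFI_SIZE <= len(image):          # skip truncated matches
            fields = struct.unpack_from(FFI_FORMAT, image, pos)
            if fields[1] == FFI_STRUC_VERSION:    # reject chance matches
                ms, ls = fields[2], fields[3]     # dwFileVersionMS / LS
                return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)
        pos = image.find(needle, pos + 1)
    return None


def audit(product, file_name, image):
    """Classify one file against the bulletin's table for its product."""
    fixed = FIXED_VERSIONS.get((product, file_name.lower()))
    if fixed is None:
        return "not-listed"          # product/file not covered by the table
    found = read_file_version(image)
    if found is None:
        return "no-version-info"     # cannot decide; inspect manually
    # Compare only within one product line: Word 97 and Word 98(J) share
    # major version 8 but have different fixed versions.
    return "updated" if found >= fixed else "needs-update"


def constructed_image(version):
    """Build a constructed stand-in for a binary: a dummy header followed by
    a VS_FIXEDFILEINFO carrying the given file version."""
    major, minor, build, rev = version
    ms, ls = (major << 16) | minor, (build << 16) | rev
    ffi = struct.pack(FFI_FORMAT, FFI_SIGNATURE, FFI_STRUC_VERSION,
                      ms, ls, ms, ls, 0x3F, 0, 0x4, 0x1, 0, 0, 0)
    return b"MZ" + b"\x00" * 62 + ffi + b"\x00" * 16


if __name__ == "__main__":
    # Constructed samples; the "needs-update" versions are made-up values
    # that are simply lower than the bulletin's fixed versions.
    samples = [
        ("Excel 2002", "excel.exe", (10, 0, 4524, 0)),
        ("Word 2000", "WINWORD.EXE", (9, 0, 0, 8216)),
        ("Word 98(J)", "winword.exe", (8, 0, 0, 9315)),
    ]
    for product, name, version in samples:
        status = audit(product, name, constructed_image(version))
        print(f"{product:11} {name:12} {'.'.join(map(str, version)):12} {status}")
```

On a real audit, pass the bytes of each file read from disk or from a mounted image; a result of no-version-info or not-listed means the file still has to be checked by hand.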

Acknowledgments

Microsoft thanks the following for working with us to protect customers:

Kazuyuki Housaka for reporting the issue in Excel.
Obtaining other security updates:

Updates for other security issues are available from the following locations:

Security updates are available from the Microsoft Download Center, and can be most easily found by doing a keyword search for "security_update".
Updates for consumer platforms are available from the WindowsUpdate web site
Support:

Technical support is available from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls associated with security patches.
International customers can get support from their local Microsoft subsidiaries. There is no charge for support associated with security updates. Information on how to contact Microsoft support is available at http://support.microsoft.com/common/international.aspx
Security Resources:
The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.
Microsoft Software Update Services: http://www.microsoft.com/sus/
Microsoft Baseline Security Analyzer (MBSA) details: http://www.microsoft.com/mbsa. Please see http://support.microsoft.com/default.aspx?scid=kb;EN-US;306460 for the list of security updates that have detection limitations with the MBSA tool.
Windows Update Catalog: http://support.microsoft.com/default.aspx?scid=kb;EN-US;323166
Windows Update: http://windowsupdate.microsoft.com
Office Update: http://office.microsoft.com/officeupdate/
Disclaimer:

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

V1.0 (November 11, 2003): Bulletin published.
