Computer Security
[EN] securityvulns.ru no-pyccku


Related information

  Microsoft Office 2000 Macros parsing buffer overlofw

  Microsoft Word Macro Buffer Overflow

  Переполнение буфера при обработке структуры макроса

From:MICROSOFT <secure_(at)_microsoft.com>
Date:12.11.2003
Subject:Microsoft Security Bulletin MS03-050

 Microsoft Security Bulletin MS03-050 Print
 
 
 Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitrary Code to Run (831527)
 Issued: November 11, 2003
 Version: 1.0
 
 See all Office bulletins released November, 2003
 
 Summary
 Who should read this document: Customers who are using Microsoft® Excel or Microsoft Word
 
 Impact of vulnerability: Run code of attackers choice
 
 Maximum Severity Rating: Important
 
 Recommendation: Customers who are using the affected versions of Microsoft Excel or Microsoft Word should apply the appropriate security update at the earliest opportunity.
 
 Security Update Replacement Excel: This patch replaces the security patches contained in the following bulletins: MS01-050, MS02-031 and MS02-059.
 
 Security Update Replacement Word: This patch replaces the security patches contained in the following bulletins: MS02-021, MS02-031, MS02-059 and MS03-035.
 
 Caveats: None
 
 Tested Software and Security Update Download Locations:
 
 Affected Software:
 
 Microsoft Excel 97 - Download the update
 Microsoft Excel 2000 - Download the update
 Microsoft Excel 2002 - Download the update
 Microsoft Word 97 - Download the update
 Microsoft Word 98(J) - Download the update
 Microsoft Word 2000 and Microsoft Works Suite 2001 - Download the update
 Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004 - Download the update
 Non Affected Software:
 
 Microsoft Office Word 2003
 Microsoft Office Excel 2003
 The software listed above has been tested to determine if the versions are affected. Other versions are no longer supported, and may or may not be affected.
 
 
  Technical Details
 Technical description:
 
 A security vulnerability exists in Microsoft Excel that could allow malicious code execution. This vulnerability exists because of the method Excel uses to check the spreadsheet before reading the macro instructions. If successfully exploited, an attacker could craft a malicious file that could bypass the macro security model. If an affected spreadsheet was opened, this vulnerability could allow a malicious macro embedded in the file to be executed automatically, regardless of the level at which the macro security is set. The malicious macro could then take the same actions that the user had permissions to carry out, such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.
 
 A security vulnerability exists in Microsoft Word that could allow malicious code execution. This vulnerability exists due to to the way Word checks the length of a data value (Macro names) embedded in a document. If a specially crafted document were to be opened it could overflow a data value in Word and allow arbitrary code to be executed. If successfully exploited, an attacker could then take the same actions as the user had permissions to carry out, such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.
 
 Mitigating factors:
 
 If a user of Office 97 or Office 2000 has installed the Office Documentation Open Confirm Tool, the user will always get a “file open” warning dialog box when trying to open an Office document using Internet Explorer. For Office XP and Office System 2003 this “file open” warning dialog box is enabled by default.
 These vulnerabilities could only be exploited by an attacker who persuaded a user to open a malicious file – there is no way for an attacker to force a user to open a malicious file.
 Severity Rating:
 
 Microsoft Excel 97 Important
 Microsoft Excel 2000 Important
 Microsoft Excel 2002 Important
 Microsoft Word 97 Important
 Microsoft Word 98(J) Important
 Microsoft Word 2000 Important
 Microsoft Word 2002 Important
 Microsoft Works Suite 2001 Important
 Microsoft Works Suite 2002 Important
 Microsoft Works Suite 2003 Important
 Microsoft Works Suite 2004 Important
 
 The above assessment is based on the types of systems affected by the vulnerability, their typical deployment patterns, and the effect that exploiting the vulnerability would have on them.
 
 Vulnerability identifier Word: CAN-2003-0820
 
 Vulnerability identifier Excel: CAN-2003-0821
 
 
  Workarounds
 Due to the fact that this vulnerability bypasses the built-in macro security, the best workaround if you are unable to deploy the update is to not open documents from un-trusted sources.
 
 
  Frequently Asked Questions
 What is a macro?
 Generally, the term macro refers to a small program that automates frequently-performed tasks in an operating system or in a program. For example, many members of the Office family of products support the use of macros. This allows companies to develop macros that perform as sophisticated productivity tools that run in Word, in Excel, or in other programs.
 
 Like any computer program, macros can be misused. To combat this threat, Office has a security model that is designed to make sure that macros can only run when the user wants them to run.
 
 What might an attacker use these vulnerabilities to do?
 If successfully exploited, an attacker could cause code of their choice to run with additional privileges on the system. This could allow the attacker to add, delete or modify data on the system, or take any other action of the attacker’s choice.
 
 Who could exploit these vulnerabilities?
 Any user who could entice another user to open a specially-crafted document can attempt to exploit these vulnerabilities.
 
 How could an attacker exploit these vulnerabilities?
 An attacker could seek to exploit either of these vulnerabilities by creating a specially-crafted document that contains malicious code. The attacker could then send this to a user, typically through an e-mail message, and then persuade the user to open the file. An attacker could also host the specially-crafted document on a network share or on a Web site; however, the attacker would still need to persuade the user to open the document.
 
 Microsoft Works Suite is listed as a vulnerable product – why?
 Microsoft Works Suite includes Microsoft Word. Microsoft Works users should use Office Update at: http://www.office.microsoft.com/ProductUpdates/default.aspx to detect and to install the appropriate update.
 
 CAN-2003-0821: Excel Macro Vulnerability
 
 What’s the scope of the vulnerability in Microsoft Excel?
 The Excel vulnerability could enable an attacker to create a spreadsheet that, when opened, could allow an XLM (Excel 4) macro to run regardless of the macro security level. Macros can take any action that the user can take, and as a result this vulnerability could allow an attacker to take actions such as changing data, communicating with Web sites, reformatting the hard disk, or changing the security settings in the application.
 
 What causes the vulnerability in Microsoft Excel?
 This vulnerability exists because of the method Excel uses to check the spreadsheet before reading the macro instructions. As a result the user will not be prompted with a macro security warning even when macros are present in the file.
 
 What's wrong with the way Excel handles macro security?
 Because of the way Excel reads and assesses macro security when a file is opened, under certain circumstances, macro security checks could be bypassed.
 
 What does the update for Microsoft Excel do?
 The update addresses the vulnerability by modifying the way that Excel performs macro security checks before opening a file.
 
 CAN-2003-0820: Word Buffer Overrun Vulnerability
 
 What’s the scope of the vulnerability in Microsoft Word?
 The Word buffer overrun vulnerability could enable an attacker to create a word document containing a Macro that, if successfully exploited, could allow an attacker to then take the same actions as the user had permissions to carry out - such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.
 
 What causes the vulnerability in Microsoft Word?
 The vulnerability is the result of ithe way Word validates of the length of a data value (Macro names) embedded in a document. If successfully exploited an attacker could then take the same actions as the user had permissions to carry out-- such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.
 
 What's wrong with the way Word handles input buffers?
 Because of the way Word validates the length of an input buffer, under certain circumstances, this validation could lead to a buffer overrun.
 
 What does the update for Microsoft Word do?
 The update corrects the buffer overrun by properly validating the input buffer before opening a file.
 
 
  Security Update Information
 For information about the specific security update for your platform, click the appropriate link:
 
 For Microsoft Works Suite 2001 use the Word 2000 section
 For Microsoft Works Suite 2002, 2003 and 2004 update use the Word 2002 section
 
  Microsoft Excel 97
 Prerequisites Client Update
 
 This security update requires Office 97 Service Release 2
 
 Inclusion in future service packs:
 
 This update will be included in any future service packs for Office 97
 
 Installation Information for the Client Update:
 
 This security update supports the following Setup switches:
 
 These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.
 
 /q Specifies quiet mode, or suppresses prompts, when files are being extracted.
 
 /q:u Specifies user-quiet mode, which presents some dialog boxes to the user.
 
 /q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.
 
 /t:path Specifies the target folder for extracting files.
 
 /c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.
 
 /c:path Specifies the path and name of the Setup .inf or .exe file.
 
 /r:n Never restarts the computer after installation.
 
 /r:I Prompts the user to restart the computer if a restart is required, except when used with /q:a.
 
 /r:a Always restarts the computer after installation.
 
 /r:s Restarts the computer after installation without prompting the user.
 
 /n:v No version checking - Install the program over any previous version.
 
 Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.
 
 For more information, see the Internet Explorer Administration Kit (IEAK).
 
 Deployment Information
 
 Download the Excel 97 Security Update
 Click Save to save the Office97-KB830356-ENU.exe file to the selected folder.
 In Windows Explorer, double-click Office97-KB830356-ENU.exe.
 If you are prompted to install the update, click Yes.
 Click Yes to accept the License Agreement.
 Insert your Office 97 CD-ROM when you are prompted to do so, and then click OK.
 When you receive a message that indicates the installation was successful, click OK.
 Note: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office 97, and then install it again from the original CD-ROM.
 
 Restart Requirement
 
 No Restart required.
 
 Removal Information
 
 This security update can not be uninstalled
 
 File Information
 
 The English version of this update has the file attributes (or later) that are listed in the following table.
 
 File name Size Date File Version
 Excel.exe 5,621,248 10/26/2003 8.0.1.9904
 Scanload.dll 36,864 10/26/2003 8.2.0.9904
 
 Verifying Update Installation
 
 To determine the version of Excel that is installed on your computer, follow these steps.
 
 Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
 
 Click Start, and then click Search.
 In the Search Results pane, click All files and folders under Search Companion.
 In the All or part of the file name box, type Excel.exe, and then click Search.
 In the list of files, right-click Excel.exe, and then click Properties.
 On the Version tab, determine the version of Excel that is installed on your computer.
 Note: If the Excel 97 Security Update: KB830356 is already installed on your computer, you receive the following error message when you try to install the Excel 97 Security Update: KB830356:
 
 This update has already been applied or is included in an update that has already been applied.
 
 The update contains updated versions of the following files:
 
 File name Size Date File Version
 Excel.exe 5,621,248 10/26/2003 8.00.01.9904
 
 
  Microsoft Excel 2000
 Prerequisites Client Update
 
 Important: Before you install this update, make sure that the following requirements have been met:
 
 Microsoft Windows Installer 2.0
 Before you install this update, you must install Windows Installer 2.0 or later. For additional information about this requirement, see the "Windows Installer Update Requirements" section of this bulletin.
 Office 2000 Service Pack 3 (SP-3)
 Before you install this update, install Office 2000 SP-3. For additional information about how to install Office 2000 Service Pack 3, click the following article number to view the article in the Microsoft Knowledge Base:
 326585 OFF2000: Overview of Office 2000 Service Pack 3
 Inclusion in future service packs:
 
 This update will be included in any future service packs for Office 2000
 
 Installation Information client:
 
 This security update supports the following Setup switches:
 
 These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.
 
 /q Specifies quiet mode, or suppresses prompts, when files are being extracted.
 
 /q:u Specifies user-quiet mode, which presents some dialog boxes to the user.
 
 /q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.
 
 /t:path Specifies the target folder for extracting files.
 
 /c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.
 
 /c:path Specifies the path and name of the Setup .inf or .exe file.
 
 /r:n Never restarts the computer after installation.
 
 /r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a.
 
 /r:a Always restarts the computer after installation.
 
 /r:s Restarts the computer after installation without prompting the user.
 
 /n:v No version checking - Install the program over any previous version.
 
 Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.
 
 For more information, see the Internet Explorer Administration Kit (IEAK).
 
 If you installed your Office 2000 product; from a CD-ROM, you have the following two options:
 
 Use the Office Product Updates Web site to automatically install all the latest updates that include all available service packs and public updates.
 
 -or-
 Install only the Microsoft Excel 2000 Security Update: KB830349 by following the steps described later in this bulletin.
 
 Note: Microsoft recommends that you install the client update by using the Office Product Updates Web site. The Office Product Updates Web site detects your particular installation of Microsoft Office and prompts you to install exactly what you must have to make sure that your Office installation is completely up-to-date.
 
 Office Product Updates Web Site
 
 To have the Office Product Updates Web site detect the required updates that you must install on your computer, visit the following Microsoft Web site:
 
 http://office.microsoft.com/ProductUpdates/default.aspx
 
 After detection is complete, you receive a list of recommended updates for your approval. Click Start Installation to complete the process.
 
 Deployment Information client install
 
 Download the client version of the Excel 2000 Security Update Update
 Click Save to save the Office2000-kb830349-client-enu.exe file to the selected folder.
 In Windows Explorer, double-click Office2000-kb830349-client-enu.exe.
 If you are prompted to install the update, click Yes.
 Click Yes to accept the License Agreement.
 Insert your Office 2000 CD-ROM when you are prompted to do so, and then click OK.
 When you receive a message that indicates the installation was successful, click OK.
 Note: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office 2000, and then install it again from the original CD-ROM.
 
 Restart Requirement
 
 No Restart required.
 
 Removal Information
 
 This security update can not be uninstalled
 
 File Information
 
 The English version of this update has the file attributes (or later) that are listed in the following table.
 
 File Name Size Date Version
 excel.exe 6,997 KB 10/17/2003 9.0.08216
 
 Verifying Update Installation
 
 To determine the version of Excel that is installed on your computer, follow these steps.
 
 Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
 
 Click Start, and then click Search.
 In the Search Results pane, click All files and folders under Search Companion.
 In the All or part of the file name box, type Excel.exe, and then click Search.
 In the list of files, right-click Excel.exe, and then click Properties.
 On the Version tab, determine the version of Excel that is installed on your computer.
 The update contains one of the updated versions of the following files:
 
 File Name Size Date File Version
 excel.exe 6,997 KB 10/17/2003 9.0.08216
 
 Installation Information Administrative Update
 
 Prerequisites Administrative Update
 
 Windows Installer Update Requirements
 
 To install the update that is described in this bulletin requires Windows Installer 2.0 or later. Both Microsoft Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites.
 
 Windows Installer for Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Me):
 
 http://www.microsoft.com/downloads/release.asp?releaseid=32831
 
 Windows Installer for Microsoft Windows NT 4.0 and Windows 2000:
 
 http://www.microsoft.com/downloads/release.asp?releaseid=32832
 
 Inclusion in future service packs:
 
 This update will be included in any future service packs for Office 2000
 
 Deployment Information Administrative Install
 
 If you installed your Office 2000 product from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.
 
 Download the administrative version of the Excel 2000 Security update
 If you are the server administrator, after you click the link to download the administrative update follow these steps:
 
 Click Save to save the Office2000-kb830349-fullfile-enu.exe file to the selected folder.
 In Windows Explorer, double-click Office2000-kb830349-fullfile-enu.exe.
 If you are prompted to install the update, click Yes.
 Click Yes to accept the License Agreement.
 In the Type the location where you want to place the extracted files box, type c:\kb830349, and then click OK.
 Click Yes when you are prompted to create the folder.
 If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box
 msiexec /a Admin Path\MSI File /p C:\kb830349\MSP File SHORTFile NameS=TRUE
 
 where Admin Path is the path to your administrative installation point for Office 2000 (for example, C:\Office2000), MSI File is the .msi database package for the Office 2000 product (for example, Data1.msi), and MSP File is the name of the administrative update (for example, EXCELff.msp).
 
 Note: You can append /qb+ to the command line so that the Office 2000 Administrative Installation dialog box and the End User License Agreementdialog box do not appear.
 
 To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box
 msiexec /i Admin Path\MSI File REINSTALL=Feature List REINSTALLMODE=vomu
 
 where Admin Path is the path to your administrative installation point for Office 2000 (for example, C:\Office2000), MSI File is the MSI database package for the Office 2000 product (for example, Data1.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL , or you can install the following feature:
 
 EXCELFiles
 
 For additional information about how to update your administrative installation and deploy to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:
 
 304165 OFF2000: How to Install a Public Update to an Administrative Installation
 
 This bulletin contains standard instructions for installing an administrative public update. You can also see the following article in the Microsoft Office Resource Kit:
 
 http://www.microsoft.com/office/ork/2003/admin/97_2000/exc0904a.htm
 
 Restart Requirement
 
 No Restart required.
 
 Removal Information
 
 This security update can not be uninstalled
 
 File Information
 
 The English version of this update has the file attributes (or later) that are listed in the following table.
 
 File Name Size Date File Version
 excel.exe 6,997 10/17/2003 9.0.0.8216
 
 Verifying Update Installation
 
 To determine the version of Excel that is installed on your computer, follow these steps.
 
 Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
 
 Click Start, and then click Search.
 In the Search Results pane, click All files and folders under Search Companion.
 In the All or part of the file name box, type Excel.exe, and then click Search.
 In the list of files, right-click Excel.exe, and then click Properties.
 On the Version tab, determine the version of Excel that is installed on your computer.
 For additional information about how to determine the version of Excel 2000 on your computer, click the following article number to view the article in the Microsoft Knowledge Base:
 
 255275 OFF2000: How to Determine the Version of Your Office Program
 
 Note: If the Excel 2000 Security Update: KB830349 is already installed on your computer, you receive the following error message when you try to install the Excel 2000 Security Update: KB830349:
 
 This update has already been applied or is included in an update that has already been applied.
 
 The update contains updated versions of the following files:
 
 File Name Size Date File Version
 excel.exe 6,997 10/17/2003 9.0.0.8216
 
 
  Microsoft Excel 2002
 Prerequisites Client Update
 
 Important: Before you install this update, make sure that the following requirements have been met:
 
 Microsoft Windows Installer 2.0
 Before you install this update, you must install Windows Installer 2.0 or later. For additional information about this requirement, see the "Windows Installer Update Requirements" section of this bulletin.
 Office XP Service Pack 2 (SP-2)
 Before you install this update, install Office XP SP-2. For additional information about how to install Office XP Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:
 325671 OFFXP: Overview of the Office XP Service Pack 2
 
 Inclusion in future service packs:
 
 This update will be included in any future service packs for Office XP
 
 Installation Information client:
 
 This security update supports the following Setup switches:
 
 These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.
 
 /q Specifies quiet mode, or suppresses prompts, when files are being extracted.
 
 /q:u Specifies user-quiet mode, which presents some dialog boxes to the user.
 
 /q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.
 
 /t:path Specifies the target folder for extracting files.
 
 /c Extracts the files without installing them. If /t: path is not specified, you areprompted for a target folder.
 
 /c:path Specifies the path and name of the Setup .inf or .exe file.
 
 /r:n Never restarts the computer after installation.
 
 /r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a.
 
 /r:a Always restarts the computer after installation.
 
 /r:s Restarts the computer after installation without prompting the user.
 
 /n:v No version checking - Install the program over any previous version.
 
 Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.
 
 For more information, see the Internet Explorer Administration Kit (IEAK).
 
 If you installed you Office 2000 product; from a CD-ROM, you have the following two options:
 
 Use the Office Product Updates Web site to automatically install all the latest updates that include all available service packs and public updates.
 
 -or-
 Install only the Microsoft Excel 2000 Security Update: KB830349 by following the steps described later in this bulletin.
 
 Note: Microsoft recommends that you install the client update by using the Office Product Updates Web site. The Office Product Updates Web site detects your particular installation of Microsoft Office and prompts you to install exactly what you must have to make sure that your Office installation is completely up-to-date.
 
 Office Product Updates Web Site
 
 To have the Office Product Updates Web site detect the required updates that you must install on your computer, visit the following Microsoft Web site:
 
 http://office.microsoft.com/ProductUpdates/default.aspx
 
 After detection is complete, you receive a list of recommended updates for your approval. Click Start Installation to complete the process.
 
 Deployment Information
 
 Download the client version of the Excel 2002 Security Update Update
 Click Save to save the Officexp-kb830350-client-enu.exe file to the selected folder. In Windows Explorer, double-click Officexp-kb830350-client-enu.exe.
 If you are prompted to install the update, click Yes.
 Click Yes to accept the License Agreement.
 Insert your Office XP CD-ROM when you are prompted to do so, and then click OK.
 When you receive a message that indicates the installation was successful, click OK.
 Note: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office XP, and then install it again from the original CD-ROM.
 
 Restart Requirement
 
 No Restart required.
 
 Removal Information
 
 This security update can not be uninstalled
 
 File Information
 
 The English version of this update has the file attributes (or later) that are listed in the following table.
 
 File Name Size Date File Version
 excel.exe 8,967 KB 10/16/03 10.0.5815.0
 
 Verifying Update Installation
 
 To determine the version of Excel that is installed on your computer, follow these steps.
 
 Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
 
 Click Start, and then click Search.
 In the Search Results pane, click All files and folders under Search Companion.
 In the All or part of the file name box, type Excel.exe, and then click Search.
 In the list of files, right-click Excel.exe, and then click Properties.
 On the Version tab, determine the version of Excel that is installed on your computer.
 The update contains an updated version of the following file:
 
 File Name Size Date File Version
 excel.exe 8,967 KB 10/16/03 10.0.5815.0
 
 Installation Information Administrative install
 
 Prerequisites Administrative install
 
 Windows Installer Update Requirements
 
 To install the update that is described in this bulletin requires Windows Installer 2.0 or later. Both Microsoft Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites.
 
 Windows Installer for Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Me):
 
 http://www.microsoft.com/downloads/release.asp?releaseid=32831
 
 Windows Installer for Microsoft Windows NT 4.0 and Windows 2000:
 
 http://www.microsoft.com/downloads/release.asp?releaseid=32832
 
 Inclusion in future service packs:
 
 This update will be included in any future service packs for Office XP
 
 Installation Information for the Administrative Update
 
 If you installed your Office XP product from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.
 
 Download the administrative version of the Excel 2002 Security Update Update
 If you are the server administrator, after you click the link to download the administrative update follow these steps:
 
 Click Save to save the Officexp-kb830350-fullfile-enu.exe file to the selected folder.
 In Windows Explorer, double-click Officexp-kb830350-fullfile-enu.exe.
 If you are prompted to install the update, click Yes.
 Click Yes to accept the License Agreement.
 In the Type the location where you want to place the extracted files box, type c:\KB830350, and then click OK.
 Click Yes when you are prompted to create the folder.
 If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box
 msiexec /a Admin Path\MSI File /p C:\KB830350\MSP File SHORTFile NameS=TRUE
 
 where Admin Path is the path to your administrative installation point for Office XP (for example, C:\OfficeXP), MSI File is the .msi database package for the Office XP product (for example, Data1.msi), and MSP File is the name of the administrative update (for example, EXCELff.msp).
 
 Note: You can append /qb+ to the command line so that the Office XP Administrative Installation dialog box and the End User License Agreement dialog box do not appear.
 
 Deployment Information
 
 To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box
 
 msiexec /i Admin Path\MSI File REINSTALL=Feature List REINSTALLMODE=vomu
 
 where Admin Path is the path to your administrative installation point for Office XP (for example, C:\OfficeXP), MSI File is the MSI database package for the Office XP product (for example, Data1.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL, or you can install the following feature(s):
 
 EXCELFiles, WORDNonBootFiles
 
 For additional information about how to update your administrative installation and deploy to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:
 
 301348 OFFXP: How to Install a Public Update to an Administrative Installation
 
 Restart Requirement
 
 No Restart required.
 
 Removal Information
 
 This security update can not be uninstalled
 
 File Information
 
 The English version of this update has the file attributes (or later) that are listed in the following table.
 
 File Name Size Date File Version
 excel.exe 8,967 KB 10/16/03 10.0.5815.0
 
 Verifying Update Installation
 
 To determine the version of Excel that is installed on your computer, follow these steps.
 
 Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
 
 Click Start, and then click Search.
 In the Search Results pane, click All files and folders under Search Companion.
 In the All or part of the file name box, type Excel.exe, and then click Search.
 In the list of files, right-click Excel.exe, and then click Properties.
 On the Version tab, determine the version of Excel that is installed on your computer.
 For additional information about how to determine the version of Excel 2002 on your computer, click the following article number to view the article in the Microsoft Knowledge Base:
 
 291331 HOW TO: Check the Version of Office XP
 
 Note: If the Excel 2002 Security Update: KB830350 is already installed on your computer, you receive the following error message when you try to install the Excel 2002 Security Update: KB830350:
 
 This update has already been applied or is included in an update that has already been applied.
 
 The update contains an updated version of the following file:
 
 File Name Size Date File Version
 excel.exe 8,967 KB 10/16/03 10.0.5815.0
 
 
  Microsoft Word 97
 Prerequisites Client Update
 
 This security update requires Office 97 Service Release 2
 
 Inclusion in future service packs:
 
 This update will be included in any future service packs for Office 97
 
 Installation Information for the Client Update:
 
 This security update supports the following Setup switches:
 
 These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.
 
 /q Specifies quiet mode, or suppresses prompts, when files are being extracted.
 
 /q:u Specifies user-quiet mode, which presents some dialog boxes to the user.
 
 /q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.
 
 /t:path Specifies the target folder for extracting files.
 
 /c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.
 
 /c:path Specifies the path and name of the Setup .inf or .exe file.
 
 /r:n Never restarts the computer after installation.
 
 /r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a.
 
 /r:a Always restarts the computer after installation.
 
 /r:s Restarts the computer after installation without prompting the user.
 
 /n:v No version checking - Install the program over any previous version.
 
 Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.
 
 For more information, see the Internet Explorer Administration Kit (IEAK).
 
 Deployment Information
 
 Download the Word 97 Security Update
 Click Save to save the Office97-KB830354-ENU.exe file to the selected folder.
 In Windows Explorer, double-click Office97-KB830354-ENU.exe.
 If you are prompted to install the update, click Yes.
 Click Yes to accept the License Agreement.
 Insert your Office 97 CD-ROM when you are prompted to do so, and then click OK.
 When you receive a message that indicates the installation was successful, click OK.
 Note: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office 97, and then install it again from the original CD-ROM.
 
 Restart Requirement
 
 No Restart required.
 
 Removal Information
 
 This security update can not be uninstalled
 
 File Information
 
 The English version of this update has the file attributes (or later) that are listed in the following table.
 
 File Name Size Date File Version
 Word.exe 5,212 KB 10/15/2003 8.0.0.9315
 wwintl32.dll 1,132 KB 10/15/2003 8.0.0.9315
 
 Verifying Update Installation
 
 To determine the version of Excel that is installed on your computer, follow these steps.
 
 Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
 
 Click Start, and then click Search.
 In the Search Results pane, click All files and folders under Search Companion.
 In the All or part of the file name box, type Excel.exe, and then click Search.
 In the list of files, right-click Word.exe, and then click Properties.
 On the Version tab, determine the version of Word that is installed on your computer.
 The update contains updated versions of the following files:
 
 File Name Size Date File Version
 winword.exe 8,826,932 10/20/2003 9.0.0.8216
 
 Note: If the Word 97 Security Update: KB830354 is already installed on your computer, you receive the following error message when you try to install the Word 97 Security Update: KB830354:
 
 This update has already been applied or is included in an update that has already been applied.
 
 
  Microsoft Word 98(J)
 Prerequisites Client Update
 
 This security update requires Office 97 Service Release 2
 
 Inclusion in future service packs:
 
 This update will be included in any future service packs for Office 97
 
 Installation Information for the Client Update:
 
 This security update supports the following Setup switches:
 
 These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.
 
 /q Specifies quiet mode, or suppresses prompts, when files are being extracted.
 
 /q:u Specifies user-quiet mode, which presents some dialog boxes to the user.
 
 /q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.
 
 /t:path Specifies the target folder for extracting files.
 
 /c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.
 
 /c:path Specifies the path and name of the Setup .inf or .exe file.
 
 /r:n Never restarts the computer after installation.
 
 /r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a.
 
 /r:a Always restarts the computer after installation.
 
 /r:s Restarts the computer after installation without prompting the user.
 
 /n:v No version checking - Install the program over any previous version.
 
 Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.
 
 For more information, see the Internet Explorer Administration Kit (IEAK).
 
 Deployment Information
 
 Download the Word 98 Security Update
 Click Save to save the Office98-KB830357-JPN.exe file to the selected folder.
 In Windows Explorer, double-click Office98-KB830357-JPN.exe.
 If you are prompted to install the update, click Yes.
 Click Yes to accept the License Agreement.
 Insert your Office 98 CD-ROM when you are prompted to do so, and then click OK.
 When you receive a message that indicates the installation was successful, click OK.
 Note: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office 98, and then install it again from the original CD-ROM.
 
 Restart Requirement
 
 No Restart required.
 
 Removal Information
 
 This security update can not be uninstalled
 
 File Information
 
 The English version of this update has the file attributes (or later) that are listed in the following table.
 
 File Name Size Date File Version
 wwintl32.dll 2,313 KB 10/16/2003
 WinWord.exe 5,499 KB 10/16/2003 8.0.0.9716
 
 Verifying Update Installation
 
 To determine the version of Word that is installed on your computer, follow these steps.
 
 Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
 
 Click Start, and then click Search.
 In the Search Results pane, click All files and folders under Search Companion.
 In the All or part of the file name box, type Winword.exe, and then click Search.
 In the list of files, right-click Winword.exe, and then click Properties.
 On the Version tab, determine the version of Word that is installed on your computer.
 Note: If the Word 98 Security Update: KB830357 is already installed on your computer, you receive the following error message when you try to install the Word 98 Security Update: KB830357:
 
 This update has already been applied or is included in an update that has already been applied.
 
 The update contains updated versions of the following files:
 
 File Name Size Date File Version
 WinWord.exe 5,499 KB 10/16/2003 8.0.0.9716
 
 
  Microsoft Word 2000
 Prerequisites Client Update
 
 Important Before you install this update, make sure that the following requirements have been met:
 
 Microsoft Windows Installer 2.0
 Before you install this update, you must install Windows Installer 2.0 or later. For additional information about this requirement, see the "Windows Installer Update Requirements" section of this bulletin.
 Office 2000 Service Pack 3 (SP-3)
 Before you install this update, install Office 2000 SP-3. For additional information about how to install Office 2000 Service Pack 3, click the following article number to view the article in the Microsoft Knowledge Base:
 326585 OFF2000: Overview of Office 2000 Service Pack 3
 
 Inclusion in future service packs:
 
 This update will be included in any future service packs for Office 2000
 
 Installation Information client:
 
 This security update supports the following Setup switches:
 
 These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.
 
 /q Specifies quiet mode, or suppresses prompts, when files are being extracted.
 
 /q:u Specifies user-quiet mode, which presents some dialog boxes to the user.
 
 /q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.
 
 /t:path Specifies the target folder for extracting files.
 
 /c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.
 
 /c:path Specifies the path and name of the Setup .inf or .exe file.
 
 /r:n Never restarts the computer after installation.
 
 /r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a.
 
 /r:a Always restarts the computer after installation.
 
 /r:s Restarts the computer after installation without prompting the user.
 
 /n:v No version checking - Install the program over any previous version.
 
 Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.
 
 For more information, see the Internet Explorer Administration Kit (IEAK).
 
 If you installed your Office 2000 product from a CD-ROM, you have the following two options:
 
 Use the Office Product Updates Web site to automatically install all the latest updates that include all available service packs and public updates.
 -or-
 
 Install only the Microsoft Word 2000 Security Update: KB830347 by following the steps described later in this bulletin.
 Note: Microsoft recommends that you install the client update by using the Office Product Updates Web site. The Office Product Updates Web site detects your particular installation of Microsoft Office and prompts you to install exactly what you must have to make sure that your Office installation is completely up-to-date.
 
 Office Product Updates Web Site
 
 To have the Office Product Updates Web site detect the required updates that you must install on your computer, visit the following Microsoft Web site:
 
 http://office.microsoft.com/ProductUpdates/default.aspx
 
 After detection is complete, you receive a list of recommended updates for your approval. Click Start Installation to complete the process.
 
 Deployment Information
 
 Download the client version of the Word 2000 Security Update
 Click Save to save the Office2000-kb830347-client-enu.exe file to the selected folder.
 In Windows Explorer, double-click Office2000-kb830347-client-enu.exe.
 If you are prompted to install the update, click Yes.
 Click Yes to accept the License Agreement.
 Insert your Office 2000 CD-ROM when you are prompted to do so, and then click OK.
 When you receive a message that indicates the installation was successful, click OK.
 Note: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office 2000, and then install it again from the original CD-ROM.
 
 Restart Requirement
 
 No Restart required.
 
 Removal Information
 
 This security update can not be uninstalled
 
 How to Determine Whether the Update Is Installed
 
 To determine the version of Word that is installed on your computer, follow these steps.
 
 Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
 
 Click Start, and then click Search.
 In the Search Results pane, click All files and folders under Search Companion.
 In the All or part of the file name box, type Winword.exe, and then click Search.
 In the list of files, right-click Winword.exe, and then click Properties.
 On the Version tab, determine the version of Word that is installed on your computer.
 The English version of this update contains the following files:
 
 File Name Size Date File Version
 winword.exe 8,826,932 10/20/2003 9.0.0.8216
 
 Installation Information Administrative Update
 
 Prerequisites Administrative Update
 
 Windows Installer Update Requirements
 
 To install the update that is described in this bulletin requires Windows Installer 2.0 or later. Both Microsoft Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites.
 
 Windows Installer for Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Me):
 
 http://www.microsoft.com/downloads/release.asp?releaseid=32831
 
 Windows Installer for Microsoft Windows NT 4.0 and Windows 2000:
 
 http://www.microsoft.com/downloads/release.asp?releaseid=32832
 
 Inclusion in future service packs:
 
 This update will be included in any future service packs for Office 2000
 
 Installation Information for the Administrative Update
 
 If you installed your Office 2000 product from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.
 
 Download the administrative version of the Word 2000 Security Update
 Click Save to save the office2000-kb830347-fullfile-enu.exe file to the selected folder.
 In Windows Explorer, double-click office2000-kb830347-fullfile-enu.exe.
 If you are prompted to install the update, click Yes.
 Click Yes to accept the License Agreement.
 In the Type the location where you want to place the extracted files box, type c:\kb830347, and then click OK.
 Click Yes when you are prompted to create the folder.
 If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box
 msiexec /a Admin Path\MSI File /p C:\kb830347\MSP File SHORTFile NameS=TRUE
 
 where Admin Path is the path to your administrative installation point for Office 2000 (for example, C:\Office2000), MSI File is the .msi database package for the Office 2000 product (for example, Data1.msi), and MSP File is the name of the administrative update (for example, WINWORDff.msp).
 
 Note: You can append /qb+ to the command line so that the Office 2000 Administrative Installation dialog box and the End User License Agreement dialog box do not appear.
 
 Deployment Information
 
 To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box
 
 msiexec /i Admin Path\MSI File REINSTALL=Feature List REINSTALLMODE=vomu
 
 where Admin Path is the path to your administrative installation point for Office 2000 (for example, C:\Office2000), MSI File is the MSI database package for the Office 2000 product (for example, Data1.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL, or you can install the following feature(s):
 
 WORDFiles
 
 For additional information about how to update your administrative installation and deploy to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:
 
 304165 OFF2000: How to Install a Public Update to an Administrative Installation
 
 Restart Requirement
 
 No Restart required.
 
 Removal Information
 
 This security update can not be uninstalled
 
 File Information
 
 The English version of this update contains the following files:
 
 File Name Size Date File Version
 winword.exe 8,826,932 10/20/2003 9.0.0.8216
 
 To determine the version of Word that is installed on your computer, follow these steps.
 
 Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
 
 Click Start, and then click Search.
 In the Search Results pane, click All files and folders under Search Companion.
 In the All or part of the file name box, type Winword.exe, and then click Search.
 In the list of files, right-click Winword.exe, and then click Properties.
 On the Version tab, determine the version of Word that is installed on your computer.
 For additional information about how to determine the version of Word 2000 on your computer, click the following article number to view the article in the Microsoft Knowledge Base:
 
 255275 OFF2000: How to Determine the Version of Your Office Program
 
 Note: If the Word 2000 Security Update: KB830347 is already installed on your computer, you receive the following error message when you try to install the Word 2000 Security Update: KB830347:
 
 This update has already been applied or is included in an update that has already been applied.
 
 The update contains updated versions of the following files:
 
 File Name Size Date File Version
 winword.exe 8,826,932 10/20/2003 9.0.0.8216
 
 
  Microsoft Word 2002
 Prerequisites Client Update
 
 Important Before you install this update, make sure that the following requirements have been met:
 
 Microsoft Windows Installer 2.0
 Before you install this update, you must install Windows Installer 2.0 or later. For additional information about this requirement, see the "Windows Installer Update Requirements" section of this bulletin.
 Office XP Service Pack 2 (SP-2)
 Before you install this update, install Office XP SP-2. For additional information about how to install Office XP Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:
 325671 OFFXP: Overview of the Office XP Service Pack 2
 
 Inclusion in future service packs:
 
 This update will be included in any future service packs for Office XP
 
 Installation Information Client:
 
 This security update supports the following Setup switches:
 
 These switches do not work with all update files. If a switch does not work, the functionality is necessary for that package.
 
 /q Specifies quiet mode, or suppresses prompts, when files are being extracted.
 
 /q:u Specifies user-quiet mode, which presents some dialog boxes to the user.
 
 /q:a Specifies administrator-quiet mode, which does not present any dialog boxes to the user.
 
 /t:path Specifies the target folder for extracting files.
 
 /c Extracts the files without installing them. If /t: path is not specified, you are prompted for a target folder.
 
 /c:path Specifies the path and name of the Setup .inf or .exe file.
 
 /r:n Never restarts the computer after installation.
 
 /r:i Prompts the user to restart the computer if a restart is required, except when used with /q:a.
 
 /r:a Always restarts the computer after installation.
 
 /r:s Restarts the computer after installation without prompting the user.
 
 /n:v No version checking - Install the program over any previous version.
 
 Note: The use of the /n:v switch is unsupported and may result in an unbootable system. If the installation is unsuccessful, you should consult your support professional to understand why it fails.
 
 For more information, see the Internet Explorer Administration Kit (IEAK).
 
 If you installed Word from a CD-ROM, you have the following two options:
 
 Use the Office Product Updates Web site to automatically install all the latest updates that include all available service packs and public updates.
 -or-
 
 Install only the Microsoft Word 2002 Security Update: KB830346 by following the steps described later in this bulletin.
 Note: Microsoft recommends that you install the client update by using the Office Product Updates Web site. The Office Product Updates Web site detects your particular installation of Microsoft Office and prompts you to install exactly what you must have to make sure that your Office installation is completely up-to-date.
 
 Office Product Updates Web Site
 
 To have the Office Product Updates Web site detect the required updates that you must install on your computer, visit the following Microsoft Web site:
 
 http://office.microsoft.com/ProductUpdates/default.aspx
 
 After detection is complete, you receive a list of recommended updates for your approval. Click Start Installation to complete the process.
 
 Deployment Information
 
 Download the client version of the Word 2002 Security Update
 Click Save to save the officexp-kb830346-client-enu.exe file to the selected folder.
 In Windows Explorer, double-click officexp-kb830346-client-enu.exe.
 If you are prompted to install the update, click Yes.
 Click Yes to accept the License Agreement.
 Insert your Office XP CD-ROM when you are prompted to do so, and then click OK.
 When you receive a message that indicates the installation was successful, click OK.
 Note: After you install the update, you cannot remove it. To revert to an installation before the update was installed, you must remove Office XP, and then install it again from the original CD-ROM.
 
 Restart Requirement
 
 No Restart required.
 
 Removal Information
 
 This security update can not be uninstalled
 
 How to Determine Whether the Update Is Installed
 
 To determine the version of Word that is installed on your computer, follow these steps.
 
 Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
 
 Click Start, and then click Search.
 In the Search Results pane, click All files and folders under Search Companion.
 In the All or part of the file name box, type Winword.exe, and then click Search.
 In the list of files, right-click Winword.exe, and then click Properties.
 On the Version tab, determine the version of Word that is installed on your computer.
 The English version of the update contains the following files:
 
 File Name Size Date File Version
 winword.exe 10,355 KB 10/16/03 10.0.5815.0
 
 Installation Information Administrative Update
 
 Prerequisites Administrative Update
 
 Windows Installer Update Requirements
 
 To install the update that is described in this bulletin requires Windows Installer 2.0 or later. Both Microsoft Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites.
 
 Windows Installer for Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Me):
 
 http://www.microsoft.com/downloads/release.asp?releaseid=32831
 
 Windows Installer for Microsoft Windows NT 4.0 and Windows 2000:
 
 http://www.microsoft.com/downloads/release.asp?releaseid=32832
 
 Inclusion in future service packs:
 
 This update will be included in any future service packs for Office XP
 
 Installation Information for the Administrative Update
 
 If you installed your Office XP product from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.
 
 Download the administrative version of the Word 2002 Security Update
 Click Save to save the officexp-kb830346-fullfile-enu.exe file to the selected folder.
 In Windows Explorer, double-click officexp-kb830346-fullfile-enu.exe.
 If you are prompted to install the update, click Yes.
 Click Yes to accept the License Agreement.
 In the Type the location where you want to place the extracted files box, type c:\kb830346, and then click OK.
 Click Yes when you are prompted to create the folder.
 If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box
 msiexec /a Admin Path\MSI File /p C:\kb830346\MSP File SHORTFile NameS=TRUE
 
 where Admin Path is the path to your administrative installation point for Office XP (for example, C:\OfficeXP), MSI File is the .msi database package for the Office XP product (for example, Data1.msi), and MSP File is the name of the administrative update (for example, WINWORDff.msp).
 
 Note: You can append /qb+ to the command line so that the Office XP Administrative Installation dialog box and the End User License Agreement dialog box do not appear.
 
 Deployment Information
 
 To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box
 
 msiexec /i Admin Path\MSI File REINSTALL=Feature List REINSTALLMODE=vomu
 
 where Admin Path is the path to your administrative installation point for Office XP (for example, C:\OfficeXP), MSI File is the MSI database package for the Office XP product (for example, Data1.msi), and Feature List is the list of feature names (case sensitive) that have to be reinstalled for the update. To install all features, you can use REINSTALL=ALL, or you can install the following feature(s):
 
 WORDFiles
 
 For additional information about how to update your administrative installation and deploy to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:
 
 301348 OFFXP: How to Install a Public Update to an Administrative Installation
 
 Restart Requirement
 
 No Restart required.
 
 Removal Information
 
 This security update can not be uninstalled
 
 File Information
 
 The English version of this update has the file attributes (or later) that are listed in the following table.
 
 File Name Size Date File Version
 winword.exe 10,355 KB 10/16/2003 10.0.5815.0
 
 To determine the version of Word that is installed on your computer, follow these steps.
 
 Note: Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
 
 Click Start, and then click Search.
 In the Search Results pane, click All files and folders under Search Companion.
 In the All or part of the file name box, type Winword.exe, and then click Search.
 In the list of files, right-click Winword.exe, and then click Properties.
 On the Version tab, determine the version of Word that is installed on your computer.
 For additional information about how to determine the version of Word 2002 on your computer, click the following article number to view the article in the Microsoft Knowledge Base:
 
 291331 HOW TO: Check the Version of Office XP
 
 Note: If the Word 2002 Security Update: KB830346 is already installed on your computer, you receive the following error message when you try to install Word 2002 Security Update: KB830346:
 
 This update has already been applied or is included in an update that has already been applied.
 
 The English version of the update contains the following file:
 
 File Name Size Date File Version
 winword.exe 10,355 KB 10/16/2003 10.0.5815.0
 
 
 Acknowledgments
 
 Microsoft thanks for working with us to protect customers:
 
 Kazuyuki Housaka for reporting the issue in Excel.
 Obtaining other security updatees:
 
 Updatees for other security issues are available from the following locations:
 
 Security updatees are available from the Microsoft Download Center, and can be most easily found by doing a keyword search for "security_update".
 Updatees for consumer platforms are available from the WindowsUpdate web site
 Support:
 
 Technical support is available from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls associated with security patches.
 International customers can get support from their local Microsoft subsidiaries. There is no charge for support associated with security updates. Information on how to contact Microsoft support is available at http://support.microsoft.com/common/international.aspx
 Security Resources:
 The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.
 Microsoft Software Update Services: http://www.microsoft.com/sus/
 Microsoft Baseline Security Analyzer (MBSA) details: http://www.microsoft.com/mbsa. Please see http://support.microsoft.com/default.aspx?scid=kb;EN-US;306460 for list of security updatees that have detection limitations with MBSA tool.
 Windows Update Catalog: http://support.microsoft.com/default.aspx?scid=kb;EN-US;323166
 Windows Update: http://windowsupdate.microsoft.com
 Office Update: http://office.microsoft.com/officeupdate/
 Disclaimer:
 
 The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
 
 Revisions:
 
 V1.0 (November 11, 2003): Bulletin published.
 

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod