Microsoft KB Archive/830347

= Description of the Word 2000 Security Patch: November 11, 2003 =

Article ID: 830347

Article Last Modified on 1/9/2007

-

APPLIES TO


 * Microsoft Word 2000 Standard Edition

-





SUMMARY
Microsoft has released a patch to Microsoft Word 2000. This patch fixes a vulnerability when you open a document that contains certain data values (the names of macros in the document) that could allow arbitrary code to run. This Word 2000 patch is part of the continued effort by Microsoft to provide the latest product updates to customers.

This article describes how to download and install the Microsoft Word 2000 Security Patch: KB830347.



How to Download and Install the Patch
Important Before you install this patch, make sure that you meet the following requirements:  Microsoft Windows Installer 2.0.

Before you install this patch, you must install Windows Installer 2.0 or later. For additional information about this requirement, see the &quot;Windows Installer Patch Requirements&quot; section of this article. Microsoft Office 2000 Service Pack 3 (SP-3)

Before you install this patch, install Office 2000 SP-3.

For additional information about how to install Office 2000 Service Pack 3, click the following article number to view the article in the Microsoft Knowledge Base:

326585 OFF2000: Overview of Office 2000 Service Pack 3



Client Patch
If you installed Word 2000 from a CD-ROM, you have the following two options:
 * Use the Microsoft Office Product Updates Web site to automatically install all the latest updates that include all available service packs and public updates.
 * Install only the Word 2000 Security Patch: KB830347 by following the steps that are described later in this article.

Note Microsoft recommends that you install the client patch by using the Office Product Updates Web site. The Office Product Updates Web site detects your particular installation of Microsoft Office and prompts you to install exactly what you must have to make sure that your Office installation is completely up-to-date.

Office Product Updates Web Site

To have the Office Product Updates Web site detect the required updates that you must install on your computer, visit the following Microsoft Web site:

http://office.microsoft.com/en-us/downloads/maincatalog.aspx

After detection is complete, you receive a list of recommended updates for your approval. Click Start Installation to complete the process.

Install Only the Word 2000 Security Patch: KB830347

The following file is available for download from the Microsoft Download Center:

Download the client version of the Word 2000 Security Patch: KB830347 package now.

Release Date: November 11, 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

To download and install the client patch, follow these steps:
 * 1) Click Save to save the Office2000-kb830347-client-enu.exe file to the selected folder.
 * 2) In Microsoft Windows Explorer, double-click Office2000-kb830347-client-enu.exe.
 * 3) If you are prompted to install the patch, click Yes.
 * 4) Click Yes to accept the License Agreement.
 * 5) Insert your Office 2000 CD-ROM when you are prompted to do so, and then click OK.
 * 6) When you receive a message that indicates that the installation was successful, click OK.

Note After you install the patch, you cannot remove it. To revert to an installation before the patch was installed, you must remove Office 2000, and then install it again from the original CD-ROM.

Administrative Patch
If you installed your Office 2000 product from a server location, the server administrator must update the server location with the administrative patch and deploy that update to your computer.

The following file is available for download from the Microsoft Download Center:

Download the administrative version of the Word 2000 Security Patch: KB830347 package now.

Release Date: November 11, 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

If you are the server administrator, after you click the link to download the administrative patch follow these steps:  Click Save to save the Office2000-kb830347-fullfile-enu.exe file to the selected folder. In Windows Explorer, double-click Office2000-kb830347-fullfile-enu.exe. If you are prompted to install the patch, click Yes. Click Yes to accept the License Agreement.</li> In the Type the location where you want to place the extracted files box, type c:\kb830347, and then click OK.</li> Click Yes when you are prompted to create the folder.</li> If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run.

Type the following command in the Open box

msiexec /a \ /p C:\kb830347\  SHORTFILENAMES=TRUE

where  is the path of your administrative installation point for Office 2000 (for example, C:\Office2000),   is the .msi database package for the Office 2000 product (for example, Data1.msi), and   is the name of the administrative patch (for example, WINWORDff.msp).

Note You can append /qb+ to the command line so that the Office 2000 Administrative Installation dialog box and the End User License Agreement dialog box do not appear.</li> To deploy the patch to the client workstations, click Start, and then click Run.

Type the following command in the Open box

msiexec /i \  REINSTALL=  REINSTALLMODE=vomu

where  is the path of your administrative installation point for Office 2000 (for example, C:\Office2000),   is the MSI database package for the Office 2000 product (for example, Data1.msi), and   is the list of feature names (case sensitive) that have to be reinstalled for the patch. To install all features, you can use REINSTALL=ALL, or you can install the following feature(s):

WORDFiles

</li></ol>

For additional information about how to update your administrative installation and deploy to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:

304165 OFF2000: How to Install an Update to Administrative Installations

This article contains standard instructions for installing an administrative public update. You can also see the following article in the Microsoft Office Resource Kit:

http://www.microsoft.com/office/ork/2003/admin/97_2000/Wrd0904a.htm

How to Determine If the Patch Is Installed
The patch contains an updated version of the following file: <pre class="fixed_text">  File name      Version -  Winword.exe    9.0.0.8216 Note For the Hindi and Thai versions of this patch, the updated file version is as follows: <pre class="fixed_text">  File name      Version -  Winword.exe    9.0.0.8902 To determine the version of Microsoft Word that is installed on your computer, follow these steps.

Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
 * 1) Click Start, and then click Search.
 * 2) In the Search Results pane, click All files and folders under Search Companion.
 * 3) In the All or part of the file name box, type Winword.exe, and then click Search.
 * 4) In the list of files, right-click the Winword.exe file, and then click Properties.
 * 5) On the Version tab, determine the version of Word that is installed on your computer.

Note In the Hindi or the Thai version of Word 2002, when you click About Microsoft Word on the Help menu, the version will be listed as 9.0.0.8901.

For additional information about how to determine the version of Word that is installed on your computer, click the following article number to view the article in the Microsoft Knowledge Base:

255275 OFF2000: How to Determine the Version of Your Office Program

Note If the Word 2000 Security Patch: KB830347 is already installed on your computer, you receive the following error message when you try to install the Word 2000 Security Patch: KB830347:

This update has already been applied or is included in an update that has already been applied.

Windows Installer Patch Requirements
To install the patch that is described in this article requires Windows Installer 2.0 or later. Both Microsoft Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later.

To install the latest version of the Windows Installer for Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Me), visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=cebbacd8-c094-4255-b702-de3bb768148f%20&displaylang=en

To install the latest version of the Windows Installer for Microsoft Windows NT 4.0 and Windows 2000, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=4b6140f9-2d36-4977-8fa1-6f8a0f5dca8f&DisplayLang=en

List of Issues That Are Fixed by the Patch
The Word 2000 Security Patch: KB830347 fixes the issue that is described in the following Word 2000 Post-Service Pack 3 Hotfix Package:

823973 Word 2000 Post-Service Pack 3 Hotfix Package: August 6, 2003

The Word 2000 Security Patch: KB830347 also fixes the following issues that were previously not documented in the Microsoft Knowledge Base:
 * Word 2000 quits unexpectedly when you open a document.
 * Flaw in the Hindi and the Thai versions of Word could enable macros to run automatically.

Word 2000 Quits Unexpectedly When You Open a Document
When you open a document in Word 2000, you receive one of the following error messages:

Microsoft Word for Windows has encountered a problem and needs to close. We are sorry for the inconvenience.

To see what data this error report contains, click here.

When you view the details of the error message, you receive an error signature that is similar to the following: <pre class="fixed_text">  AppName      AppVer      ModName      ModVer      Offset --  Winword.exe  9.0.0.2717  Winword.exe  9.0.0.2717  000628d9

WINWORD.exe has generated errors and will be closed by Windows. You will need to restart the program.

An error log is being created.

If you view the error log, you find the following error information:

Application exception occurred:

App: (pid=988)

When:  @

Exception number: c0000005 (access violation)

The Hindi and Thai version of the Word 2000 Security Patch: KB830347 also fixes the following issue.

Flaw in the Hindi and the Thai Versions of Word Could Enable Macros to Run Automatically
This update resolves a flaw in Word that could allow macros in specially crafted documents to run automatically regardless of the macro security level settings of the user.

This flaw was previously documented in the following Microsoft Knowledge Base article:

827653 MS03-035: Flaw in Microsoft Word Could Enable Macros to Run Automatically

Additional query words: security_patch security_update update security bug context flaw vulnerability malicious attacker exploit registry unauthenticated specially-formed scope specially-crafted affected

Keywords: kbfile kberrmsg kbdownload kbsecurity kbinfo kbupdate KB830347

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.