Microsoft KB Archive/330080

= WD97: Word 97 Is Vulnerable to Security Issues That Are Documented in MS02-059 =

Article ID: 330080

Article Last Modified on 8/27/2007

-

APPLIES TO


 * Microsoft Word 97 Standard Edition

-



This article was previously published under Q330080



SYMPTOMS
When using Microsoft Word 97, your computer may be vulnerable to the security issues described in the Microsoft Security Bulletin MS02-059, including the issue where a maliciously crafted Microsoft Word document can lead to information disclosure.

NOTE: The issue and the patch that are described in this article also apply to the following versions of Word:

Japanese version of Word 98 for Windows

For additional information about this issue documented in the Microsoft Security Bulletin MS02-059, click the article number below to view the article in the Microsoft Knowledge Base:

330008 MS02-059: Flaw in Word Fields and Excel External Updates May Lead to Information Disclosure



RESOLUTION
A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem.

NOTE: The Microsoft Office products that are listed at the beginning of this article were developed in an era when the security threat was very different, and as a result, they do not include the improved security architecture of more recent versions of Office, such as Macro security. Because Macro security is not included in Microsoft Office 97, the fix that is described in this article may be compromised. For more information about how this fix may be compromised, see the &quot;More Information Section&quot; of this article. Microsoft recommends that customers use Microsoft Office 2002 for the highest level of security.

IMPORTANT: Before you install the Word 97 Patch, install the Microsoft Word 97 Service Release 2b (SR-2b). Although the Word 97 Patch will install if you do not have Microsoft Word 97 SR-2b installed on your computer, the Word 97 Patch is only supported by Microsoft on Word 97 SR-2b. For more information about how to install Microsoft Word 97 Service Release 2b (SR-2b), visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=BEFD7842-602E-42B0-89D2-6BE39F1167C1

To resolve this problem, contact Microsoft Product Support Services (PSS) to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.Microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.   Date         Time      Version     Size     File name 8.0.0.9011 5,211KB  Winword.exe 5-Oct-2002  02:16 am  8.0.0.9011  1,132KB  Wwintl32.dll

NOTE: After you install the Word Patch you cannot remove it. The Word Patch changes the default behavior of some Word fields. If you want the Word fields to behave as they did before you installed the Word Patch set the FieldCalcSecurityLevel registry key to 0.

The Behavior Changes That Occur in the Word Fields When You Install the Word Patch
For additional information about the behavior of Word fields after the installation of the Word Patch, the 'FieldCalcSecurityLevel' registry key that effects Word field behavior, and how the Word Update affects Automation, click the article number below to view the article in the Microsoft Knowledge Base:

330079 WD: Behavior Changes in Word Fields Caused by Installing the Word Update



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
The updates to Word that are described in Microsoft Security Bulletin MS02-059 prevent several Word fields from updating automatically, and by default, prompts the user to allow updates to some linked data sources. Word 97 users should be aware that after they apply the fix to Word 97, it is still possible for a malicious user to create a document with crafted Word fields intended to gather unauthorized data. Because Office 97 did not include the ability to trust macros, it is not possible to detect who authored any particular macro when presented with the new error message. A macro can be crafted such that upon opening a document, it automatically updates all fields mimicking the manual re-calculation behavior in the document, therefore exposing the user to the same vulnerability as if the Word 97 patch had not been applied.

For additional information about Office 97 Macro Security Recommendations, click the article number below to view the article in the Microsoft Knowledge Base:

310365 OFF97: Office 97 Macro Security Recommendations

