Microsoft KB Archive/302294

= WD2002: Malformed Word Document Could Enable Macro to Run Automatically =

Article ID: 302294

Article Last Modified on 7/27/2006

-

APPLIES TO


 * Microsoft Word 2002 Standard Edition

-



This article was previously published under Q302294



SUMMARY
Microsoft has released an update that eliminates a security vulnerability in Microsoft Word 2002. This update, the Word 2002 Update: June 21, 2001, eliminates a security vulnerability that could allow certain macros to run in malformed documents without a warning to the user.

This update is also described in the following Microsoft security bulletin, &quot;Microsoft Security Bulletin MS01-034: Malformed Word Document Could Enable Macro to Run Automatically&quot;:

http://www.microsoft.com/technet/security/bulletin/MS01-034.mspx



MORE INFORMATION
To correct this problem, download and install the latest update for Word 2002. The latest update includes this and other Word-specific updates. For additional information about the Word 2002 Update: June 21, 2001, click the article number below to view the article in the Microsoft Knowledge Base:

300553 WD2002: Overview of the Word 2002 Public Update: June 14, 2001

Client Update
If you installed Word from CD-ROM, follow these steps to download and install the client update:  Using your Web browser, browse to the following Microsoft Web site:

http://office.microsoft.com/downloads/2002/wrd1001.aspx

 Click Download Now. Click Save this program to disk, and then click OK. Click Save to save the Wrd1001.exe file to the selected folder. In Windows Explorer, double-click Wrd1001.exe. If you are prompted to install the update, click Yes. Click Yes to accept the License Agreement. Insert your Office XP CD-ROM when you are prompted to do so, and then click OK.</li> When you receive a message that indicates the installation was successful, click OK.</li></ol>

NOTE: After you install the public update, you cannot uninstall it.

Administrative Update
If you installed Word from a server location, the server administrator must update the server location with the administrative public update and deploy that update to your computer.

If you are the server administrator, follow these steps to download the administrative update: <ol> Browse to following Microsoft Web site:

http://download.microsoft.com/download/OfficeXPProf/Patch/5.0.2919.6304.wd/W982KMeXP/EN-US/WRD1001a.exe

</li> Download the file to your desktop.</li> In Windows Explorer, double-click the Wrd1001a.exe file.</li> Click Yes to accept the License Agreement.</li> In the Please type the location where you want to place the extracted files box, type C:\wrd1001a, and then click OK. Click Yes when you are prompted to create the folder.</li></ol>

If you are familiar with the procedure for updating your administrative installation, click Start and then click Run. Type the following command in the Open box

msiexec /a  /p C:\wrd1001a\winword_admin.msp SHORTFILENAMES=1

where  is the path to your administrative installation point for Office XP (for example, C:\OfficeXP), and

where MSI File is the MSI database package for the Office XP product (for example, ProPlus.msi).

To deploy the update to the client workstations, click Start and then click Run. Type the following command in the Open box

msiexec /i  REINSTALL=WORDFiles REINSTALLMODE=vomus

where  is the path to your administrative installation point for Office XP (for example, C:\OfficeXP), and

where  is the MSI database package for the Office XP product (for example, ProPlus.msi).

For additional information about how to update your administrative installation and deploy to client workstations, click the article number below to view the article in the Microsoft Knowledge Base:

301348 OFFXP: How to Install a Public Update to Administrative Installations

This article contains standard instructions for installing an administrative public update.

Or, you can refer to the following article in the Microsoft Office XP Resource Kit:

http://www.microsoft.com/office/ork/xp/journ/Wdxp6-21.htm

How to Determine Whether the Update Is Installed
The update affects the file Winword.exe and updates the version of Microsoft Word 2002 to version 10.2930.2625. Click About Microsoft Word on the Help menu in Microsoft Word to determine the version.

Files Contained in Wrd1001.exe
If you download Wrd1001.exe and manually extract the files by using a command line similar to the following

C:\Windows\Desktop\wrd1001.exe /c /t:C:\wrd1001

the following files will be listed in the C:\wrd1001 folder:

Ohotfix.exe

Ohotfix.ini

Ohotfixr.dll

Winword.msp

How to Get an Update Log File
By default, the &quot;Word 2002 Update: June 21, 2001&quot; installation creates two log files during the update. The log files are created in your \Temp\OHotfix folder and have names similar to the following:

OHotfix(00001).log

OHotfix(00001)_Msi.log

You may have more than one pairing of log files with these names, with the only difference being the number in the names. The highest numbered pair corresponds to the update that you ran most recently.

<div class="references_section">