Microsoft KB Archive/924164

= MS06-059: Vulnerabilities in Excel could allow remote code execution =

Article ID: 924164

Article Last Modified on 12/14/2006

-

APPLIES TO


 * Microsoft Office Excel 2003
 * Microsoft Office Excel Viewer 2003
 * Microsoft Excel 2002 Standard Edition
 * Microsoft Excel 2000 Standard Edition
 * Microsoft Excel 2004 for Mac
 * Microsoft Excel X for Mac
 * Microsoft Works Suite 2006
 * Microsoft Works Suite 2005
 * Microsoft Works Suite 2004

-



INTRODUCTION
Microsoft has released security bulletin MS06-059. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites, depending on whether you are a home user or an IT professional:  Home users:

http://www.microsoft.com/athome/security/update/bulletins/200610.mspx

 IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms06-059.mspx





Summary
Some Microsoft Excel 2002 users who have Microsoft Windows Installer 2.0 installed received indication that the original version of security update 923089 for Excel 2002 was installed successfully. However, the actual binary file, Excel.exe, was not updated to the secure version. The re-release version of security update 923089 for Excel 2002 corrects this issue.

To determine whether you are in this state, verify the version of Excel.exe that you have installed. You are affected by this issue if you installed the original version of security update 923089 for Excel 2002, and if the file version is still earlier than 10.0.6816.0. In this case, you must install the re-release version of security update 923089 for Excel 2002.

Question and answer
Q: Why am I offered the re-release version of security update 923089 for Excel 2002 on Microsoft Update and Office Update even though I am not affected by the issue?

A: This re-released update supersedes the earlier Excel 2002 update. Therefore, the detection automatically offers the latest update to all users. If you are not affected by this issue, you do not have to install the re-release version of security update 923089 for Excel 2002.

Issues that the security update fixes
In addition to the issues that are described in the security bulletin, this security update addresses the issues that are described in the following Microsoft Knowledge Base articles:  

923090 Description of the security update for Excel 2000: October 10, 2006

 

923089 Description of the security update for Excel 2002: October 10, 2006

 

923088 Description of the security update for Excel 2003: October 10, 2006

 

923275 Description of the security update for Excel Viewer 2003: October 10, 2006

</li></ul>

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000

Keywords: kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbpubtypekc kboffice2003presp3fix KB924164

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.