Microsoft KB Archive/303833

= OL2000: The Outlook View Control Exposes Unsafe Functionality =

Article ID: 303833

Article Last Modified on 8/11/2004

-

APPLIES TO


 * Microsoft Outlook 2000 Standard Edition

-



This article was previously published under Q303833



SUMMARY
Microsoft has released an update that eliminates potential security vulnerability in Microsoft Outlook 2000. This update eliminates a security vulnerability that could allow certain scripts to run in conjunction with the Microsoft Outlook View Control.

The Outlook View Control is an ActiveX control that allows you to view Outlook e-mail folders in your Web browser. The control is not installed in Outlook 2000 by default, but was available as an ActiveX control download from Microsoft, and was released with Microsoft Outlook Team Folders 2000.

This security vulnerability is also described in the Microsoft Security bulletin, &quot;Microsoft Security Bulletin MS01-038: Outlook View Control Exposes Unsafe Functionality,&quot; which is located at the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS01-038.mspx

This article describes how to download and apply the update.



Client Update:
If you installed Outlook 2000 from CD-ROM or from a network, follow these steps to download and install the client update.

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.  Click the following hyperlink to the Microsoft Download Center:

http://download.microsoft.com/download/outlook2000/outlctlx/1/WIN98Me/EN-US/outlctlx.exe

 Click Save this program to disk, and then click OK. Click Save to save the Outlctlx.exe file to the selected folder. In Windows Explorer, double-click Outlctlx.exe. If you are prompted to install the update, click Yes. Click Yes to accept the License Agreement. Insert your Office XP CD-ROM when you are prompted to do so, and then click OK.</li> When you receive a message that indicates the installation was successful, click OK.</li></ol>

NOTE: After you install the update, you cannot remove the update.

Administrative Update:
An administrative version is not available for the Outlook View Control update. The Microsoft Office 2000 Resource Kit contains several options for deploying the client update in your enterprise environment. For more information, click the following link:

http://www.microsoft.com/office/ork/xp/journ/ol2k-vc.htm

If your Office 2000 installation was performed from an Administrative installation point and you are using Admin patches, you can still apply this client patch to your machines because it is not a Windows Installer patch. The ActiveX control mentioned in this article that this patch is designed for is not part of the original product so there is no reference to these files in the Data1.msi which will enable this patch to be distributed to the client machines.

How to Determine Whether the Update Is Installed
The update adds or replaces the Outlctlx.dll. Outlctlx.dll version will be updated to 10.0.0.3124.

Other Information
The Outlook View Control was never installed as a component of an Office or Outlook installation. If you have this ActiveX control installed on your computer it has been installed by using one of the methods outlined in the Microsoft Knowledge Base article Q281618. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

281618 OL2000: General Information About the Outlook View Control

NOTE: You can install the Outlook View Control update even if you do not yet have the Outlook View Control installed on your computer. This ensures that you have the updated version of the ActiveX control installed on your computer so that you are protected in the event you utilize the control in the future.

Additional query words: OL2K hack

Keywords: kbinfo kbdownload kbfix KB303833

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.