Microsoft KB Archive/268477

= PPT97: Update Available for HTML Script Vulnerability =

Article ID: 268477

Article Last Modified on 7/19/2007

-

APPLIES TO


 * Microsoft PowerPoint 97 Standard Edition

-



This article was previously published under Q268477



SUMMARY
Microsoft has released an update that eliminates a security vulnerability in Microsoft PowerPoint 97. Microsoft recommends that all users of PowerPoint 97 consider installing the PowerPoint 97 Add-In Security Update.

This vulnerability could allow a malicious Web site operator to save a file to a visitor's local hard disk without the visitor's knowledge. The file could then be used to execute various malicious tasks.

Product Versions Affected
All versions of Microsoft PowerPoint 97 can potentially be exploited through this security threat.

Update Availability
To obtain the PowerPoint 97 Add-In Security Update, please browse to the following Microsoft Web site and follow the download instructions:

http://www.microsoft.com/technet/security/bulletin/ms00-049.mspx

NOTE: There is a separate update for Office 2000, both PowerPoint and Excel. For additional information about the update for Office 2000, PowerPoint and Excel, click the article number below to view the article in the Microsoft Knowledge Base:

268457 PPT2000: Update Available for HTML Script Vulnerability



How to Download and Install the Update
Before you begin the installation, you must shut down all running programs, including Microsoft Office, Microsoft Project, and the Microsoft Office Shortcut Bar.
 * 1) Point your Web browser to the following Web site:

http://office.microsoft.com/downloads/9798/Ppt97sec.aspx
 * 1) Click Download Now!. Click Save this program to disk, and then click OK.
 * 2) Click Save to save the PPt97sec.exe file in the selected folder.
 * 3) In Windows Explorer, double-click PPt97sec.exe.
 * 4) Click Yes when you are asked whether you want to continue installing this update.
 * 5) Click Yes to accept the License Agreement.
 * 6) Click OK in the alert that indicates that the installation was successful.

IMPORTANT: After this update is applied, it cannot be uninstalled.

How to Verify That the Update Is Successful
The only changes made to Microsoft PowerPoint 97 are in the registry.

Files Contained in the PP97sec.exe Download
If you download PP97sec.exe and manually extract the files by using a command line similar to the following

C:\Downloads\PP97sec.exe /c /t:C:\PP97sec

the following files will be listed in the C:\PP97sec folder:

Install.inf

Readme.txt

Advpack.dll

W95inf32.dll

W95inf16.dll

Frequently asked questions and answers about this vulnerability and the update can be found at the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/ms00-049.asp

Additional query words: hole hack sploit ppt97 patch ppt9

Keywords: kbdownload kbfaq kbfix kbinfo KB268477

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.