Microsoft KB Archive/830346

= Description of the Word 2002 security patch: November 11, 2003 =

Article ID: 830346

Article Last Modified on 1/9/2007

-

APPLIES TO


 * Microsoft Word 2002 Standard Edition

-





SUMMARY
Microsoft has released a patch to Microsoft Word 2002. This patch fixes a vulnerability when you open a document that contains certain data values (the names of macros in the document) that could allow arbitrary code to run. Additionally, many other issues have been fixed as described later in this article. This Word 2002 patch is part of the continued effort by Microsoft to provide the latest product updates to customers.

This article describes how to download and install the Microsoft Word 2002 Patch: KB830346.

This update or security patch was first included in Office XP Service Pack 3. For additional information about the latest service pack for Office XP, click the following article number to view the article in the Microsoft Knowledge Base:

307841 OFFXP: How to Obtain the Latest Office XP Service Pack



How to Download and Install the Patch
Important Before you install this patch, make sure that you meet the following requirements:  Microsoft Windows Installer 2.0

Before you install this patch, you must install Windows Installer 2.0 or later. For additional information about this requirement, see the &quot;Windows Installer Patch Requirements&quot; section of this article. Microsoft Office XP Service Pack 2 (SP-2)

Before you install this patch, install Office XP SP-2.

For additional information about how to install Office XP Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:

325671 OFFXP: Overview of the Office XP Service Pack 2



Client Patch
If you installed Word 2002 from a CD-ROM, you have the following two options:
 * Use the Microsoft Office Product Updates Web site to automatically install all the latest updates that include all available service packs and public updates.
 * Install only the Word 2002 Security Patch: KB830346 by following the steps that are described later in this article.

Note Microsoft recommends that you install the client patch by using the Office Product Updates Web site. The Office Product Updates Web site detects your particular installation of Microsoft Office and prompts you to install exactly what you must have to make sure that your Office installation is completely up-to-date.

Office Product Updates Web Site
To have the Office Product Updates Web site detect the required updates that you must install on your computer, visit the following Microsoft Web site:

http://office.microsoft.com/en-us/downloads/maincatalog.aspx

After detection is complete, you receive a list of updates that are recommended for your approval. Click Start Installation to complete the process.

Install Only the Word 2002 Security Patch: KB830346
The following file is available for download from the Microsoft Download Center:

Download the client version of the Word 2002 Security Patch: KB830346 package now.

Release Date: November 11, 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

To download and install the client patch, follow these steps:
 * 1) Click Save to save the Officexp-kb830346-client-enu.exe file to the selected folder.
 * 2) In Microsoft Windows Explorer, double-click Officexp-kb830346-client-enu.exe.
 * 3) If you are prompted to install the patch, click Yes.
 * 4) Click Yes to accept the License Agreement.
 * 5) Insert your Microsoft Office XP CD-ROM when you are prompted to do so, and then click OK.
 * 6) When you receive a message that indicates that the installation was successful, click OK.

Note After you install the patch, you cannot remove it. To revert to an installation before the patch was installed, you must remove Office XP, and then install it again from the original CD-ROM.

Administrative Patch
If you installed your Office XP product from a server location, the server administrator must update the server location with the administrative patch and deploy that update to your computer.

The following file is available for download from the Microsoft Download Center:

Download the administrative version of the Word 2002 Security Patch: KB830346 package now.

Release Date: November 11, 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

If you are the server administrator, after you click the link to download the administrative patch follow these steps:  Click Save to save the Officexp-kb830346-fullfile-enu.exe file to the selected folder. In Windows Explorer, double-click Officexp-kb830346-fullfile-enu.exe. If you are prompted to install the patch, click Yes. Click Yes to accept the License Agreement.</li> In the Type the location where you want to place the extracted files box, type c:\kb830346, and then click OK.</li> Click Yes when you are prompted to create the folder.</li> If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run.

Type the following command in the Open box

msiexec /a \ /p C:\kb830346\  SHORTFILENAMES=TRUE

where  is the path of your administrative installation point for Office XP (for example, C:\OfficeXP),   is the .msi database package for the Office XP product (for example, Proplus.msi), and   is the name of the administrative patch (for example, WINWORDff.msp).

Note You can append /qb+ to the command line so that the Office XP Administrative Installation dialog box and the End User License Agreement dialog box do not appear.</li> To deploy the patch to the client workstations, click Start, and then click Run.

Type the following command in the Open box

msiexec /i \  REINSTALL=  REINSTALLMODE=vomu

where  is the path of your administrative installation point for Office XP (for example, C:\OfficeXP),   is the MSI database package for the Office XP product (for example, Proplus.msi), and   is the list of feature names (case sensitive) that have to be reinstalled for the patch. To install all features, you can use REINSTALL=ALL, or you can install the following feature or features:

WORDFiles

</li></ol>

For additional information about how to update your administrative installation and deploy to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:

301348 OFFXP: How to Install a Public Update to an Administrative Installation

This article contains standard instructions for installing an administrative public update. You can also see the following article in the Microsoft Office Resource Kit. To do so, visit the following Microsoft Web site:

http://www.microsoft.com/office/ork/2003/admin/xp/wrd1007a.htm

How to Determine If the Patch Is Installed
The patch contains updated versions of the following files: <pre class="fixed_text">  File name      Version --  Winword.exe    10.0.5815.0 To determine the version of Microsoft Word that is installed on your computer, follow these steps.

Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
 * 1) Click Start, and then click Search.
 * 2) In the Search Results pane, click All files and folders under Search Companion.
 * 3) In the All or part of the file name box, type Winword.exe, and then click Search.
 * 4) In the list of files, right-click the Winword.exe file, and then click Properties.
 * 5) On the Version tab, determine the version of Word that is installed on your computer.

For additional information about how to determine the version of Word that is installed on your computer, click the following article number to view the article in the Microsoft Knowledge Base:

291331 How to check the version of Office XP

Note If the Word 2002 Security Patch: KB830346 is already installed on your computer, you receive the following error message when you try to install Word 2002 Security Patch: KB830346:

This update has already been applied or is included in an update that has already been applied.

Windows Installer Patch Requirements
To install the patch that is described in this article, you must have Windows Installer 2.0 or later installed. Both Microsoft Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3) include Windows Installer 2.0 or later.

To install the latest version of Windows Installer for Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Me), visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=cebbacd8-c094-4255-b702-de3bb768148f%20&displaylang=en

To install the latest version of Windows Installer for Microsoft Windows NT 4.0 and Windows 2000, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=4b6140f9-2d36-4977-8fa1-6f8a0f5dca8f&DisplayLang=en

List of Issues That Are Fixed by the Patch
The Word 2002 Security Patch: KB830346 fixes the issues that are described in the following Word 2002 Post-Service Pack 2 Hotfix Packages:

823972 Availability of the Word 2002 Post-Service Pack 2 Hotfix Package: August 9, 2003

825814 Availability of the Word 2002 Post-Service Pack 2 Hotfix Package: August 15, 2003

827138 Availability of the Word 2002 Post-Service Pack 2 Hotfix Package: August 21, 2003

827150 Availability of the Word 2002 Post-Service Pack 2 Hotfix Package: September 5, 2003

827971 Word 2002 Post-Service Pack 2 Hotfix Package: September 12, 2003

827980 Word 2002 Post-Service Pack 2 Hotfix Package: September 19, 2003

827986 Word 2002 Post-Service Pack 2 Hotfix Package: September 25, 2003

The Word 2002 Security Patch: KB830346 fixes the following issues that were not previously documented in the Microsoft Knowledge Base:
 * Error message or table rows are repeated when you scroll through a document.
 * Error message: &quot;Check the file permissions for the document or drive&quot;.
 * Error message in Word 2002.

Error Message or Table Rows Are Repeated When You Scroll Through a Document
When you scroll through a Word 2002 document that contains a table with merged cells that spans multiple pages, some of the table rows may appear several times or you may receive the following error message:

Microsoft Word has encountered a problem and needs to close, We are sorry for the inconvenience.

To see what data this error report contains, click here.

When you view the details of the error message, you find an error signature that is similar to the following: <pre class="fixed_text">  AppName      AppVer       ModName      ModVer       Offset Winword.exe 10.0.2627.0  Winword.exe  10.0.2627.0  006342d7

Error Message: &quot;Check the File Permissions for the Document or Drive&quot;
In Word 2002, when you try to open a document that causes earlier versions of Word to quit with an error message, you receive the following error message:

The document name or path is not valid. Try these suggestions.


 * Check the file permissions for the document or drive.


 * Use the File Open dialog box to locate the document. ( \...\ .doc)

Note In earlier versions of Word, the document could cause macros in specially crafted documents to run.

Error Message in Word 2002
You receive the following Word 2002 error message:

Microsoft Word has encountered a problem and needs to close. We are sorry for the inconvenience.

To see what data this error report contains, click here.

When you view the data in the error report, the report contains an error signature that is similar to one of the following error signatures: <pre class="fixed_text">App Name       App Version     Module Name     Module Version  offset

Winword.exe    10.0.4219.0     Winword.exe     10.0.4219.0     004875a9 Winword.exe    10.0.4524.0     Winword.exe     10.0.4524.0     001ee439 Winword.exe    10.0.4109.0     Mso.dll         10.0.3501.0     0006ce47 Winword.exe    10.0.4009.0     Mso.dll         10.0.3501.0     0006ce47 Winword.exe    10.0.3416.0     Mso.dll         10.0.3501.0     0006ce47 Outlook.exe    10.0.3416.0     Mso.dll         10.0.3501.0     0006ce47 Mspub.exe      10.0.3402.0     Mso.dll         10.0.3501.0     0006ce47 Winword.exe    10.0.2930.0     Mso.dll         10.0.3501.0     0006ce47 Winword.exe    10.0.2627.0     Mso.dll         10.0.3501.0     0006ce47 Winword.exe    10.0.4219.0     Winword.exe     10.0.4219.0     001ddbfd Winword.exe    10.0.5522.0     Winword.exe     10.0.5522.0     001ee92c Winword.exe    10.0.4524.0     Winword.exe     10.0.4524.0     00199b47 Winword.exe    10.0.4524.0     Winword.exe     10.0.4524.0     00199b49 Winword.exe    10.0.4219.0     Winword.exe     10.0.4219.0     001ee12b Winword.exe    10.0.4219.0     Winword.exe     10.0.4219.0     001ee129 Winword.exe    10.0.4109.0     Winword.exe     10.0.4109.0     001f5705 Winword.exe    10.0.3416.0     Winword.exe     10.0.3416.0     0019b943 Winword.exe    10.0.3416.0     Winword.exe     10.0.3416.0     0019b941 Winword.exe    10.0.2930.0     Winword.exe     10.0.2930.0     001f4bbb Winword.exe    10.0.2627.0     Winword.exe     10.0.2627.0     0031b22f Winword.exe    10.0.2627.0     Winword.exe     10.0.2627.0     0031b231 Additionally, other program versions, module versions, and offsets are possible.

Additional query words: updating updated patched patching security_patch security_update update security bug context flaw vulnerability malicious attacker exploit registry unauthenticated specially-formed scope specially-crafted affected

Keywords: kbservicepack kbsecurity kbinfo kbupdate KB830346

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.