Article ID: 830356
Article Last Modified on 7/8/2005
APPLIES TO
- Microsoft Excel 97 Standard Edition
SUMMARY
Microsoft has released a patch to Microsoft Excel 97 for Windows. This patch fixes a vulnerability under certain scenarios where an Excel file can be modified in such a way that a macro that includes Microsoft Excel 4.0 Macro Language (XLM) commands can run with no macro security warning issued. Additionally, other similar issues are fixed as described later in this article.
This article describes how to download and install the Microsoft Excel 97 Security Patch: KB830356.
back to the top
Issues That Are Fixed in the Excel 97 Security Patch: KB830356
The following issues are fixed in this patch package but were not previously documented in a Microsoft Knowledge Base article:
- A Macro security warning may appear when a workbook does not contain macros.
- A Macro security warning does not appear when the macro runs.
- Macros in a workbook run automatically when workbooks are opened through a hyperlink on a drawing share.
- Embedded macros can be executed and can bypass the macro security.
- Change in binary file can bypass macro controls.
Macro Security Warning May Appear When a Workbook Does Not Contain Macros
When you open a workbook in Excel 97, you may receive the macro security warning when the workbook does not contain macros.
The following issue is also fixed in the English, Korean (KOR), Japanese (JPN), Chinese simplified (CHS), Chinese traditional (CHT), and Chinese Pan (CHP) versions of this patch.
Macro Security Warning Does Not Appear When the Macro Runs
When you open a workbook in Excel 97, macro code may run with no macro security warning.
The following issues are also fixed in the non-English version of this patch.
A Microsoft Excel macro execution vulnerability that relates to how macros are handled in workbooks when those workbooks are opened through a hyperlink on a drawing shape. Macros in a workbook that is opened this way can run automatically.
This issue was previously documented in the following Microsoft Knowledge Base article:
324458 MS02-031: June 19, 2002 Cumulative Patches for Microsoft Excel and Microsoft Word
Embedded Macros Can Be Executed and Can Bypass the Macro Security
An Excel macro execution vulnerability that relates to how inline macros that are associated with objects are handled. Because of this vulnerability, macros can be executed and can bypass the Macro Security Model when the user clicks on an object in a workbook.
This issue was previously documented in the following Microsoft Knowledge Base article:
324458 MS02-031: June 19, 2002 Cumulative Patches for Microsoft Excel and Microsoft Word
Change in Binary File Can Bypass Macro Controls
An Excel workbook stream can be altered in such a way that the macros in the file run without prompting a macro warning or being stopped by macro controls.
This issue was previously documented in the following Microsoft Knowledge Base article:
306604 XL2000: Excel 2000 SR-1 Macro Modification Security Update
Install the Excel 97 Security Patch: KB830356
Note If you have previously installed the Excel 97 Hotfix that is documented in Knowledge Base article 300953, this patch will not install properly. In this case, you must manually extract the Excel.exe file from this patch and then replace the Excel.exe file on your computer with this one.
The following file is available for download from the Microsoft Download Center:
Download the Excel 97 Security Patch: KB830356 package now.
Release Date: November 11, 2003
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
To download and install the security patch, follow these steps:
- Click Save to save the Office97-KB830356-ENU.exe file to the selected folder.
- In Microsoft Windows Explorer, double-click Office97-KB830356-ENU.exe.
- If you are prompted to install the patch, click Yes.
- Click Yes to accept the License Agreement.
- Insert your Microsoft Office 97 CD-ROM when you are prompted to do so, and then click OK.
- When you receive a message that indicates that the installation was successful, click OK.
Note After you install the patch, you cannot remove it. To revert to an installation before the patch was installed, you must remove Office 97, and then install it again from the original CD-ROM.
back to the top
How to Determine If the Patch Is Installed
The patch contains updated versions of the following files:
English, Korean (KOR), Japanese (JPN), Chinese simplified (CHS), Chinese traditional (CHT), and Chinese Pan (CHP) Patch Versions
File name Version ------------------------- Excel.exe 8.0.1.9904 Scanload.dll 8.2.0.9904
Arabic (ARA), and Hebrew (HBR) Patch Versions
File name Version ------------------------- Excel.exe 8.0.0.4003 Scanload.dll 8.2.0.9904
Thai (THA) Patch Version
File name Version ------------------------- Excel.exe 8.0.0.4316 Scanload.dll 8.2.0.9904
To determine the version of Microsoft Excel that is installed on your computer, follow these steps.
Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
- Click Start, and then click Search.
- In the Search Results pane, click All files and folders under Search Companion.
- In the All or part of the file name box, type Excel.exe, and then click Search.
- In the list of files, right-click the Excel.exe file, and then click Properties.
- On the Version tab, determine the version of Excel that is installed on your computer.
Note If the Excel 97 Security Patch: KB830356 is already installed on your computer, you receive the following error message when you try to install the Excel 97 Security Patch: KB830356:
Additional query words: security_patch security_update update security bug context flaw vulnerability malicious attacker exploit registry unauthenticated specially-formed scope specially-crafted affected
Keywords: kbdownload kbsecurity kbinfo kbupdate kbbug kbfix KB830356