Article ID: 832332
Article Last Modified on 1/9/2007
APPLIES TO
- Microsoft Office XP Standard Edition
- Microsoft Access 2002 Standard Edition
- Microsoft Excel 2002 Standard Edition
- Microsoft FrontPage 2002 Standard Edition
- Microsoft Outlook 2002 Standard Edition
- Microsoft PowerPoint 2002 Standard Edition
- Microsoft Publisher 2002 Standard Edition
- Microsoft Word 2002 Standard Edition
SUMMARY
Microsoft has released an update to Microsoft Office XP. This article describes how to download and install this Office XP security update.
INTRODUCTION
This update fixes a vulnerability where a specially crafted image could allow for an attacker's code to run on a computer because of a vulnerability in the graphics interpreter code.
Microsoft has released security bulletin MS04-028. The security bulletin contains all the relevant information about the security update, including the file manifest information and the deployment options. To view the complete security bulletin, visit the following Microsoft Web site:
The following lists the release history for Office XP:
- Office XP security update: KB832332 version 1.0 - Released September 14, 2004
- Office XP security update: KB832332 version 2.0 - Released October 12, 2004
The Office XP security update: KB832332 version 2.0 that was released October 12, 2004, addresses a patching issue that occurs when you apply the update on a computer where Microsoft Windows Installer 3.0 is installed. We recommend that all users who have Microsoft Windows XP Service Pack 2 (SP2) installed run the current version of the update even if an earlier version is installed.
MORE INFORMATION
Prerequisites
Before you install this security update, make sure that your computer meets the following prerequisites.
Client update
Before you install the client update, install Microsoft Office XP Service Pack 3 (SP3).
For more information about how to install Office XP Service Pack 3, click the following article number to view the article in the Microsoft Knowledge Base:
832671 Description of Microsoft Office XP Service Pack 3
Administrative update
Before you install the administrative update, install Microsoft Office XP Service Pack 2 (SP2) or a later version.
For more information about how to obtain the different service packs for Office XP, click the following article number to view the article in the Microsoft Knowledge Base:
307841 How to obtain the latest Office XP service pack
Microsoft Windows Installer 2.0
Before you install this security update, you must install Windows Installer 2.0 or a later version. Both Microsoft Windows XP and Microsoft Windows 2000 Service Pack 3 include Windows Installer 2.0 or a later version. To install the latest version of the Windows Installer, visit one of the following Microsoft Web sites.
Microsoft Windows 95, Microsoft Windows 98, and Microsoft Windows Millennium Edition (Me):
Microsoft Windows NT 4.0 and Microsoft Windows 2000:
How to download and install the update
If you installed Office XP from a CD, follow the instructions in the following "Client update" section. If you installed your Office XP product from a server location, the server administrator must update the server location with the administrative update and then deploy that update to your computer. If you are a server administrator, follow the instructions in the following "Administrative update" section.
Client update
There are two methods that you can use to install the security update if you installed Office XP from a CD. We recommend that you install the client update by using the Microsoft Office Update Web site. The Office Update Web site detects your installation of Microsoft Office and prompts you to install the updates that make sure that your Office installation is up-to-date.
Method 1: Use the Office Update Web site
Use the Office Update Web site to automatically install all the latest updates that include all available service packs and public updates.
- Visit the following Microsoft Web site:
- Click Check for Updates.
- After detection is complete, you receive a list of recommended updates for your approval. Click Start Installation to complete the process.
Method 2: Install only the Office XP security update: KB832332
Note If you install Officexp-kb832332-v2-fullfile-enu.exe on a client that is running Office XP SP2 instead of Office XP SP3, the SP2 text that is displayed in the About program
dialog box in each Office application is updated to SP3. This does not mean that Office XP SP3 has been installed. You must still install Office XP SP3 for your Office installation to be completely updated. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
328294 The About dialog box reports a service pack version that is different from what is expected in Office XP and Office 2003
- To download the update, visit the following Microsoft Web site: Note A localized version of the update is also available at this Web site.
- Click Open to download and to install the Officexp-kb832332-v2-client-enu.exe file.
- If you are prompted to install the security update, click Yes.
- Click Yes to accept the license agreement.
- Insert your Office XP CD when you are prompted, and then click OK.
- When you receive a message that indicates the installation was successful, click OK.
Note After you install the security update, you cannot remove it. To revert to the installation that existed before you installed this security update, you must remove Office XP and then install it again from the original CD.
Administrative update
If you are the server administrator, follow these steps to download the administrative update:
- In Windows Explorer, create a new folder on drive C, and then name the folder Kb832332.
- To download the full-file update, visit the following Microsoft Web site: Note A localized version of the full-file update is also available at this Web site.
- Click Save to save the Officexp-kb832332-v2-fullfile-enu.exe file to the Kb832332 folder.
- In Windows Explorer, double-click Officexp-kb832332-v2-fullfile-enu.exe.
- If you are prompted to install the update, click Yes.
- Click Yes to accept the license agreement.
- In the Type the location where you want to place the extracted files box, type C:\Kb832332, and then click OK.
- Click Start, click Run, type the following command, and then click OK:
msiexec /a
admin path
\msi file
/p c:\kb832332\msp file
shortfilenames=trueIn this command, replace the following placeholders with the correct information:
- Replace
admin path
with the path of your administrative installation point for Office XP, for example, C:\OfficeXP. - Replace
msi file
with the .msi database package for the Office XP product, for example, Proplus.msi. - Replace
msp file
with the name of the administrative update.
- Replace
- To deploy the update to the client workstations, click Start, click Run, and then type the following command in the Open box:
msiexec /i
admin path
\msi file
reinstall=feature list
reinstallmode=vomufeature list
with the list of case-sensitive feature names that have to be reinstalled for the update. To install all features, you can use the reinstall=all parameter, or you can install the ProductFiles feature.
For more information about how to update your administrative installation and how to deploy the security update to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:
301348 How to install public updates to administrative installations of Office XP
How to determine whether the update is installed
This security update contains updated versions of the following files:
File name Version ---------------------- Mso.dll 10.0.6714.0
To determine the version of an Office XP program that is installed on your computer, follow these steps.
Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
- Click Start, and then click Search.
- In the Search Results pane, click All files and folders under Search Companion.
- In the All or part of the file name box, type Mso.dll, and then click Search.
- In the list of files, right-click the Mso.dll file, and then click Properties.
- On the Version tab, determine the Office XP version that is installed on your computer.
For more information about how to determine the version of Office XP on your computer, click the following article number to view the article in the Microsoft Knowledge Base:
291331 How to check the version of Office XP
Note If the Office XP security update: KB832332 is already installed successfully on your computer, you receive the following error message when you try to install the Office XP security update: KB832332:
List of issues that are fixed by the update
The Office XP security update: KB832332 fixes the issues that are described in the following Microsoft Knowledge Base articles:
829349 Description of the Office XP post-Service Pack 3 hotfix package for MSO.DLL: May 9, 2004
The Office XP security update: KB832332 also fixes the following issues.
An image that you inserted appears as a small red X
When you save an Office XP document as HTML, or when you view the Office document as a Web page, an image that you inserted may appear as a small red X.
An Office XP program closes unexpectedly, and you receive an error message
When you run an Office XP program, you may receive the following error message:
If you view the details of the error message, you receive an error signature that is similar to one of the following items.
Application Name Application Version Module Name Module Version Offset ---------------------------------------------------------------------------- Excel.exe 10.0.4302.0 Mso.dll 10.0.4219.0 00004d7a Excel.exe 10.0.4302.0 Mso.dll 10.0.4219.0 00005ae9 Excel.exe 10.0.4524.0 Mso.dll 10.0.4219.0 00004d7a Excel.exe 10.0.4524.0 Mso.dll 10.0.4219.0 00005ae9 Excel.exe 10.0.5815.0 Mso.dll 10.0.4219.0 00005ae9 Msaccess.exe 10.0.2627.1 Mso.dll 10.0.4219.0 00004d7a Msaccess.exe 10.0.2627.1 Mso.dll 10.0.4219.0 00005ae9 Msaccess.exe 10.0.4302.0 Mso.dll 10.0.4219.0 00004d7a Msaccess.exe 10.0.4302.0 Mso.dll 10.0.4219.0 00005ae9 Msaccess.exe 10.0.4510.0 Mso.dll 10.0.4219.0 00005ae9 Mspub.exe 10.0.2621.0 Mso.dll 10.0.4219.0 00005ae9 Mspub.exe 10.0.4128.0 Mso.dll 10.0.4219.0 00005ae9 Outlook.exe 10.0.2627.1 Mso.dll 10.0.4219.0 00005ae9 Outlook.exe 10.0.4024.0 Mso.dll 10.0.4219.0 00004d7a Outlook.exe 10.0.4024.0 Mso.dll 10.0.4219.0 00005ae9 Outlook.exe 10.0.4510.0 Mso.dll 10.0.4219.0 00004d7a Outlook.exe 10.0.4510.0 Mso.dll 10.0.4219.0 00005ae9 Outlook.exe 10.0.5320.0 Mso.dll 10.0.4219.0 00005ae9 Outlook.exe 10.0.5703.0 Mso.dll 10.0.4219.0 00005ae9 Outlook.exe 10.0.5709.0 Mso.dll 10.0.4219.0 00005ae9 Powerpnt.exe 10.0.2623.0 Mso.dll 10.0.4219.0 00005ae9 Powerpnt.exe 10.0.4205.0 Mso.dll 10.0.4219.0 00004d7a Powerpnt.exe 10.0.4205.0 Mso.dll 10.0.4219.0 00005ae9 Winword.exe 10.0.2627.0 Mso.dll 10.0.4219.0 00005ae9 Winword.exe 10.0.3416.0 Mso.dll 10.0.4219.0 00004d7a Winword.exe 10.0.4219.0 Mso.dll 10.0.4219.0 00004d7a Winword.exe 10.0.4219.0 Mso.dll 10.0.4219.0 00005ae9 Winword.exe 10.0.4524.0 Mso.dll 10.0.4219.0 00004d7a Winword.exe 10.0.4524.0 Mso.dll 10.0.4219.0 00005ae9 Winword.exe 10.0.5522.0 Mso.dll 10.0.4219.0 00004d7a Winword.exe 10.0.5522.0 Mso.dll 10.0.4219.0 00005ae9 Winword.exe 10.0.5815.0 Mso.dll 10.0.4219.0 00004d7a Winword.exe 10.0.5815.0 Mso.dll 10.0.4219.0 00005ae9
REFERENCES
If you are an administrator, you may want to install all required Graphics Device Interface Plus (GDI+) security updates in one batch process. For more information about how to create and use a batch file to silently install multiple GDI+ security updates, click the following article number to view the article in the Microsoft Knowledge Base:
885885 How to create and use a batch file to silently install multiple GDI+ security updates
For more information a known issue that may occur when you install the original version of this update, released September 14, on a Windows XP Service Pack 2-based computer, click the following article number to view the article in the Microsoft Knowledge Base:
885876 Important information that you must know about the MS04-028 security updates if you are using Windows XP Service Pack 2
For more information about deployment, click the following article numbers to view the articles in the Microsoft Knowledge Base:
885920 How to obtain and use the MS04-028 Enterprise Update Scanning Tool in environments that use Systems Management Server 2003 and Systems Management Server 2.0
886988 How to obtain and use the MS04-028 Enterprise Update Scanning Tool in environments that do not use Systems Management Server
Additional query words: security_patch security_update update security bug context flaw vulnerability malicious attacker exploit unauthenticated specially-formed scope specially-crafted affected
Keywords: atdownload kbsecbulletin kbsecurity kbupdate KB832332