Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
OL2000: The Outlook View Control Exposes Unsafe Functionality
Article ID: 303833 - View products that this article applies to.
This article was previously published under Q303833
Microsoft has released an update that eliminates potential security vulnerability in Microsoft Outlook 2000. This update eliminates a security vulnerability that could allow certain scripts to run in conjunction with the Microsoft Outlook View Control.
The Outlook View Control is an ActiveX control that allows you to view Outlook e-mail folders in your Web browser. The control is not installed in Outlook 2000 by default, but was available as an ActiveX control download from Microsoft, and was released with Microsoft Outlook Team Folders 2000.
This security vulnerability is also described in the Microsoft Security bulletin, "Microsoft Security Bulletin MS01-038: Outlook View Control Exposes Unsafe Functionality," which is located at the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/MS01-038.mspxThis article describes how to download and apply the update.
How to Download and Install the Update
Client Update:If you installed Outlook 2000 from CD-ROM or from a network, follow these steps to download and install the client update.
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
(http://support.microsoft.com/kb/119591/EN-US/ )How to Obtain Microsoft Support Files from Online Services
Administrative Update:An administrative version is not available for the Outlook View Control update. The Microsoft Office 2000 Resource Kit contains several options for deploying the client update in your enterprise environment. For more information, click the following link:
http://www.microsoft.com/office/ork/xp/journ/ol2k-vc.htmIf your Office 2000 installation was performed from an Administrative installation point and you are using Admin patches, you can still apply this client patch to your machines because it is not a Windows Installer patch. The ActiveX control mentioned in this article that this patch is designed for is not part of the original product so there is no reference to these files in the Data1.msi which will enable this patch to be distributed to the client machines.
How to Determine Whether the Update Is InstalledThe update adds or replaces the Outlctlx.dll. Outlctlx.dll version will be updated to 10.0.0.3124.
Other InformationThe Outlook View Control was never installed as a component of an Office or Outlook installation. If you have this ActiveX control installed on your computer it has been installed by using one of the methods outlined in the Microsoft Knowledge Base article Q281618. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/281618/EN-US/ )OL2000: General Information About the Outlook View Control
NOTE: You can install the Outlook View Control update even if you do not yet have the Outlook View Control installed on your computer. This ensures that you have the updated version of the ActiveX control installed on your computer so that you are protected in the event you utilize the control in the future.