Description of the Project 2003 security update: September 14, 2004

Article translations Article translations
Article ID: 838344 - View products that this article applies to.
Expand all | Collapse all

On This Page

SUMMARY

This article describes how to download and how to install the Project 2003 Security Update: KB838344.

INTRODUCTION

This update fixes a vulnerability where a specially crafted image could allow an attacker’s code to run on a user’s computer because of a security vulnerability in the graphics interpreter code.

Note This update is included in Microsoft Office Project 2003 Service Pack 1 (SP1). If Project 2003 SP1 is installed on your computer, you do not have to install Project 2003 security update: KB838344.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
873459 How to obtain the latest service pack for Project 2003
Microsoft has released security bulletin MS04-028. The security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the complete security bulletin, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

MORE INFORMATION

How to download and how to install the update

Client update

If you installed Microsoft Office Project 2003 from a CD-ROM, you have the following two options:
  • Use the Microsoft Office Product Update Web site to automatically install all the latest updates that include all the available service packs and public updates.
  • Install only the Project 2003 security update: KB838344 by following the steps that are described later in this article.
Note We recommend that you install the client update by using the Office Update Web site. The Microsoft Office Update Web site detects your particular installation of Microsoft Project and prompts you to install exactly what you must have to make sure that your Project installation is up-to-date.

Microsoft Office Update Web site


To have the Microsoft Office Update Web site detect the updates that you have to install on your computer, visit the following Microsoft Web site:
http://office.microsoft.com/en-us/downloads/FX101321101033.aspx
After detection is complete, you receive a list of recommended updates for your approval. Click Start Installation to complete the process.

Install only the Project 2003 security update: KB838344


To download and install the update, follow these steps:
  1. Download the update.

    The following file is available for download from the Microsoft Download Center:

    Collapse this imageExpand this image
    Download
    Download the Project 2003 Security Update: KB838344 package now.

    For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
    119591 How to Obtain Microsoft Support Files from Online Services
    Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

    Note To obtain a localized version of the Project 2003 838344 security update, visit the following Microsoft Web site:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=9e37b6b0-a028-47ea-8fa1-3705877a2908
  2. Click Save to save the Project2003-KB838344-FullFile-ENU.exe file to the selected folder.
  3. In Microsoft Windows Explorer, locate the folder where you downloaded the file, and then double-click the Project2003-KB838344-FullFile-ENU.exe file.
  4. When you are prompted to install the update, click Yes.
  5. Read the license agreement, and if you agree, click Yes to accept the license agreement.
  6. Insert your Project 2003 CD in the computer’s CD or DVD drive if you are prompted to do so, and then click OK.
  7. When you receive a message that says that the installation was successful, click OK.
Note After you install the update, you cannot remove it. To revert to an installation before you installed the update, you must remove Project 2003 and reinstall Project 2003 again from the original CD-ROM.

Administrative update

If you installed Project 2003 from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

If you are the server administrator, follow these steps to download the administrative update:
  1. Download the update.

    The following file is available for download from the Microsoft Download Center:

    Collapse this imageExpand this image
    Download
    Download the Project 2003 Security Update: KB838344 package now.

    For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
    119591 How to Obtain Microsoft Support Files from Online Services
    Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

    Note To obtain a localized version of the Project 2003 838344 security update, visit the following Microsoft Web site:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=9e37b6b0-a028-47ea-8fa1-3705877a2908
  2. In Microsoft Windows Explorer, create a new folder on the drive C, and then name the folder KB838344.
  3. Click Save to save the Project2003-KB838344-FullFile-ENU.exe file to the C:\KB838344 folder.
  4. Click Start, click Run, type cmd in the Open box, and then click OK.
  5. At the command prompt, type the following lines, pressing ENTER after each line:
    cd\kb838344
    Project2003-KB838344-FullFile-ENU.exe /c /t:c:\kb838344
  6. Read the license agreement, and if you agree, click Yes to accept the license agreement.
  7. At the command prompt, type exit to quit Command Prompt.
  8. If you are familiar with the procedure for updating your administrative installation, click Start, and then click Run. Type the following command in the Open box:
    msiexec /a AdminPath\MSI file /p c:\KB838344\MSP file SHORTFILENAMES=TRUE
    In this command, AdminPath is the path of your administrative installation point for Project 2003 (for example, C:\Project2003), MSI file is the .msi database package for Project 2003 (for example, Prjproe.msi), and MSP file is the name of the administrative update (for example, Project2003-KB838344-FullFile.msp).

    Note You can append the/qb+ switch to the command line so that the End User License Agreement dialog box does not appear.
  9. To deploy the update to the client workstations, click Start, and then click Run. Type the following command in the Open box:
    msiexec /i AdminPath\MSI file reinstall=Feature List REINSTALLMODE=vomu
    In this command, AdminPath is the path of your administrative installation point for Project 2003 (for example, C:\Project2003), MSI file is the MSI database package for Project 2003 (for example, Prjproe.msi), and Feature List is the case-sensitive list of feature names that must be reinstalled for the update. To install all the features, you can use the REINSTALL=ALL value, or you can install the following feature(s):
    ProductNonBootFiles
For additional information about how to update your administrative installation and how to deploy to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:
829197 How to install updates to an administrative installation of Office 2003
For more information about how to deploy a Microsoft Office 2003 update in a corporate environment, visit the following Microsoft Web site:
http://www.microsoft.com/office/ork/2003/five/ch18/MntA01.htm#sub_2

How to determine whether the update is installed

The update contains updated versions of the following file:
   Date         Time   Version     Size       File name
------------------------------------------------------
28-Feb-2004  10:16  6.0.3264.0  1,773,568  Gdiplus.dll
To determine whether the update is installed on your computer, follow these steps.

Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
  1. Click Start, and then click Search.
  2. Under Search Companion, click All files and folders.
  3. In the All or part of the file name box, type Gdiplus.dll, and then click Search.
  4. In the right pane, right-click the Gdiplus.dll file, and then click Properties.

    Note If more than one Gdiplus.dll file is installed on your computer, make sure that you use the Gdiplus.dll file that is associated with Office 2003.
  5. On the General tab, verify the created date, the time, and the size of the Gdiplus.dll file.
Note If the Project 2003 security update: KB838344 is already installed on your computer, you receive the following error message when you try to install the Project 2003 security update: KB838344:
This update has already been applied or is included in an update that has already been applied.

List of issues that are fixed by the update

The Project 2003 security update: KB838344 fixes the following issue that was previously not documented in the Microsoft Knowledge Base.

Vulnerability in the graphics interpreter code where a specially crafted image file could permit an attacker to run malicious code

A vulnerability in the graphics interpreter code exists where a specially crafted image file that is inserted to a project plan could permit an attacker to run malicious code on a user's computer.


REFERENCES

If you are an administrator you may want to install all required GDI+ security updates in one 'batch' process. For additional information about how to create and use a batch file to silently install multiple GDI+ security updates, click the following article number to view the article in the Microsoft Knowledge Base:
885885 How to create and use a batch file to silently install multiple GDI+ security updates for Office programs

Properties

Article ID: 838344 - Last Review: January 9, 2007 - Revision: 1.9
APPLIES TO
  • Microsoft Office Project Professional 2003
  • Microsoft Office Project Standard 2003
Keywords: 
kbsecbulletin atdownload kbsecurity kbbug kbfix kbupdate KB838344

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com