Update available for HTML script vulnerability

Article translations Article translations
Article ID: 268365 - View products that this article applies to.
This article was previously published under Q268365
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page

Summary

Microsoft has released an update that eliminates a security vulnerability in Microsoft Excel 2000 and PowerPoint 2000. This update, the Excel and PowerPoint 2000 SR-1 Add-In Security Update, eliminates a security vulnerability that could allow unsafe scripts to be run in Microsoft Excel 2000 or Microsoft PowerPoint 2000 when you view a Web page or HTML e-mail message. To prevent unsafe scripts from running, this update makes changes to the registry and eliminates the ability to run unsafe Excel or PowerPoint scripts by using the Internet Explorer Object Model.

NOTE: To use the Excel and PowerPoint 2000 SR-1 Add-In Security Update, you must first install Office 2000 SR-1 or Office 2000 Service Release 1a (SR-1a).

System administrators can find additional information and the administrator version of this update at the following Microsoft Web site:
Microsoft Office Resource Kit

To learn more about the Excel and PowerPoint 2000 SR-1 Add-In Security Update, please see the Microsoft Security Bulletin MS00-049: Frequently Asked Questions.

NOTE: There are two separate updates: one for both PowerPoint 2000 and Excel 2000, and the other for Microsoft PowerPoint 97. Microsoft Excel 97 is not affected by this vulnerability. For more information about the Microsoft PowerPoint 97 version of this update, click the following article number to view the article in the Microsoft Knowledge Base:
268477 Update available for HTML script vulnerability

More information

How to download and install the update

IMPORTANT:
To install the update, you must have access to your original Excel or Office CD. (One exception is if you installed from a "flat copy" of the CD stored on a network server. A "flat copy" is not the same as an administrative installation.)If you installed from a network administrative installation to your workstation, you should contact your administrator about obtaining this update. Do not attempt to apply this update to your workstation. For more information about how to apply this update to an administrative installation, click the following article number to view the article in the Microsoft Knowledge Base:
268654 Administrative update available for HTML script vulnerability
You must shut down all running programs, including Microsoft Office, Microsoft Project, and the Microsoft Office Shortcut Bar, before you begin the installation.
Follow these steps to download and install the update:
  1. Point your Web browser to the following Web site:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=5c011c70-47d0-4306-9fa4-8e92d36332fe&DisplayLang=en
  2. Click Download. Click Save, and then click OK.
  3. Click Save to save the O2kSp3.exe file to the selected folder.
  4. In Windows Explorer, double-click O2kSp3.exe.
  5. Click Yes when you are asked whether to install this update.
  6. Click Yes to accept the License Agreement.
  7. If you are prompted to insert your Office 2000 CD, do this, and then click OK.
  8. Click OK in the alert that indicates that the installation was successful.

Files contained in the O2kSp3.exe download

If you download O2kSp3.exe and manually extract the files by using a command line similar to the following:
C:\Downloads\O2kSp3.exe /c /t:C:\Addinsec
the following files will be listed in the C:\Addinsec folder:
ARTSP3.msp
launcher.exe
MAINSP3.msp
Readme.txt
ohotfix.exe
ohotfix.ini
ohotfixr.dll
outlctlx.exe
SP3CD2.msp

How to verify that the update is successful

To verify whether the installation of the update was successful, you can check that the version of the Excel.exe file on your system is equal to or later than 9.0.4307. By default, Excel.exe is in the following location on your computer:
C:\Program Files\Microsoft Office\Office

References

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
268457 Update available for HTML script vulnerability
268477 Update available for HTML script vulnerability
266134 History of Office 2000 updates
248710 Overview and history of Office 97 patches
268654 Administrative update available for HTML script vulnerability

Properties

Article ID: 268365 - Last Review: November 2, 2013 - Revision: 2.0
Applies to
  • Microsoft Excel 2000 Standard Edition
Keywords: 
kbnosurvey kbarchive kbdownload kbbug kbfix KB268365

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com