Article ID: 268365 - Last Review: January 27, 2007 - Revision: 7.4

Update available for HTML script vulnerability

View products that this article applies to.
This article was previously published under Q268365

On This Page

Expand all | Collapse all

SUMMARY

Microsoft has released an update that eliminates a security vulnerability in Microsoft Excel 2000 and PowerPoint 2000. This update, the Excel and PowerPoint 2000 SR-1 Add-In Security Update, eliminates a security vulnerability that could allow unsafe scripts to be run in Microsoft Excel 2000 or Microsoft PowerPoint 2000 when you view a Web page or HTML e-mail message. To prevent unsafe scripts from running, this update makes changes to the registry and eliminates the ability to run unsafe Excel or PowerPoint scripts by using the Internet Explorer Object Model.

NOTE: To use the Excel and PowerPoint 2000 SR-1 Add-In Security Update, you must first install Office 2000 SR-1 or Office 2000 Service Release 1a (SR-1a) (http://www-owtest.dns.microsoft.com/2000/downloadDetails/O2kSR1DDL.htm) .

System administrators can find additional information and the administrator version of this update at the following Microsoft Web site:
Microsoft Office Resource Kit (http://www.microsoft.com/office/ork/)

To learn more about the Excel and PowerPoint 2000 SR-1 Add-In Security Update, please see the Microsoft Security Bulletin MS00-049: Frequently Asked Questions (http://www.microsoft.com/technet/security/bulletin/fq00-049.mspx) .

NOTE: There are two separate updates: one for both PowerPoint 2000 and Excel 2000, and the other for Microsoft PowerPoint 97. Microsoft Excel 97 is not affected by this vulnerability. For more information about the Microsoft PowerPoint 97 version of this update, click the following article number to view the article in the Microsoft Knowledge Base:
268477  (http://support.microsoft.com/kb/268477/ ) Update available for HTML script vulnerability
Back to the top

MORE INFORMATION

How to download and install the update

IMPORTANT:
To install the update, you must have access to your original Excel or Office CD. (One exception is if you installed from a "flat copy" of the CD stored on a network server. A "flat copy" is not the same as an administrative installation.)If you installed from a network administrative installation to your workstation, you should contact your administrator about obtaining this update. Do not attempt to apply this update to your workstation. For more information about how to apply this update to an administrative installation, click the following article number to view the article in the Microsoft Knowledge Base:
268654  (http://support.microsoft.com/kb/268654/ ) Administrative update available for HTML script vulnerability
You must shut down all running programs, including Microsoft Office, Microsoft Project, and the Microsoft Office Shortcut Bar, before you begin the installation.
Follow these steps to download and install the update:
  1. Point your Web browser to the following Web site:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=5c011c70-47d0-4306-9fa4-8e92d36332fe&DisplayLang=en (http://www.microsoft.com/downloads/details.aspx?FamilyID=5c011c70-47d0-4306-9fa4-8e92d36332fe&DisplayLang=en)
  2. Click Download. Click Save, and then click OK.
  3. Click Save to save the O2kSp3.exe file to the selected folder.
  4. In Windows Explorer, double-click O2kSp3.exe.
  5. Click Yes when you are asked whether to install this update.
  6. Click Yes to accept the License Agreement.
  7. If you are prompted to insert your Office 2000 CD, do this, and then click OK.
  8. Click OK in the alert that indicates that the installation was successful.
Back to the top

Files contained in the O2kSp3.exe download

If you download O2kSp3.exe and manually extract the files by using a command line similar to the following:
C:\Downloads\O2kSp3.exe /c /t:C:\Addinsec
the following files will be listed in the C:\Addinsec folder:
ARTSP3.msp
launcher.exe
MAINSP3.msp
Readme.txt
ohotfix.exe
ohotfix.ini
ohotfixr.dll
outlctlx.exe
SP3CD2.msp
Back to the top

How to verify that the update is successful

To verify whether the installation of the update was successful, you can check that the version of the Excel.exe file on your system is equal to or later than 9.0.4307. By default, Excel.exe is in the following location on your computer:
C:\Program Files\Microsoft Office\Office
Back to the top

REFERENCES

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
268457  (http://support.microsoft.com/kb/268457/ ) Update available for HTML script vulnerability
268477  (http://support.microsoft.com/kb/268477/ ) Update available for HTML script vulnerability
266134  (http://support.microsoft.com/kb/266134/ ) History of Office 2000 updates
248710  (http://support.microsoft.com/kb/248710/ ) Overview and history of Office 97 patches
268654  (http://support.microsoft.com/kb/268654/ ) Administrative update available for HTML script vulnerability
Back to the top
APPLIES TO
  • Microsoft Excel 2000 Service Pack 1
  • Microsoft Excel 2000 Standard Edition
Back to the top
Keywords: 
kbdownload kbbug kbfix KB268365
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations