MS02-031: June 19, 2002 Cumulative Patches for Microsoft Excel and Microsoft Word

Traduzione articoli Traduzione articoli
Identificativo articolo: 324458 - Visualizza i prodotti a cui si riferisce l?articolo.
Questo articolo è stato archiviato. L?articolo, quindi, viene offerto ?così come è? e non verrà più aggiornato.
Espandi tutto | Chiudi tutto

In questa pagina

Sintomi

Microsoft has released updates for Excel 2002, Excel 2000, and Word 2002 that apply all previously released updates for these products. Additionally, these updates remove four newly discovered vulnerabilities:
  • An Excel macro execution vulnerability that relates to how inline macros that are associated with objects are handled. Because of this vulnerability, macros can be executed and bypass the Macro Security Model when the user clicks on an object in a workbook.
  • An Excel macro execution vulnerability that relates to how macros are handled in workbooks when those workbooks are opened through a hyperlink on a drawing shape. Macros in a workbook that is opened this way can run automatically.
  • An HTML script execution vulnerability that may occur if an Excel workbook with an XSL style sheet that contains HTML scripting is opened. The script in the XSL style sheet could be run in the local computer zone.
  • A new variant of the "Word Mail Merge" vulnerability that was first addressed in MS00-071. This new variant could enable an attacker's macro code to run automatically if the user had Microsoft Access present on the system and chose to open a mail merge document that had been saved in HTML format.
Mitigating Factors

Excel Inline Macros Vulnerability:
  • A successful attack that exploits this vulnerability would require that the user accept and open a workbook from an attacker.
  • Additionally, the user would have to click an object in the workbook.
  • There is no way for an attack that exploits this vulnerability to be automated.
Hyperlinked Excel Workbook Macro Bypass:
  • A successful attempt to exploit this vulnerability would require that the user accept and open an attacker's workbook.
  • Additionally, the user would have to click a drawing shape that contains a hyperlink.
  • An attacker's destination workbook would have to be accessible to the user, either on the local computer or an accessible network location.
Excel XSL Style Sheet Script Execution:
  • A user would have to accept and open an attacker's workbook to exploit this vulnerability.
  • Additionally, the user would have to acknowledge a security warning by selecting the non-default option.
Variant of MS00-071, Word Mail Merge Vulnerability:
  • The Word mail merge document would have to be saved in HTML format. Because Word is not the default handler for HTML applications, the user would have to choose to open the document in Word, or acknowledge a security warning.
  • A successful attack requires that Microsoft Access be installed locally.
  • The attacker's data source has to be accessible to the user across a network.

Risoluzione

Excel 2002

This Public Update is part of Microsoft Office XP Service Pack 2 (SP-2), but for your convenience the Public Update also is available individually. If you have already applied Office XP SP-2, you do not have to apply this Public Update. For additional information, click the article number about the latest service pack for Microsoft Office XP below to view the article about the latest service pack for Microsoft Office XP in the Microsoft Knowledge Base:
307841 OFFXP: How to Obtain the Latest Office XP Service Pack
For additional information about the public update, click the article number below to view the article in the Microsoft Knowledge Base:
323548 XL2002: Overview of Excel 2002 Update: June 19, 2002
The English-language version of this fix has the file attributes (or later) that are listed in the following table:
   Version      File name     
   ----------------------
   10.0.4109.0  Excel.exe
				

Excel 2000

The update for this problem is included in the "Excel 2000 SR-1 Update: June 19, 2002". For additional information about how to obtain this update and how to install it, click the article number below to view the article in the Microsoft Knowledge Base:
324126 XL2000: Overview of Excel 2000 SR-1 Update: June 19, 2002
The English-language version of this fix has the file attributes (or later) that are listed in the following table:
   Version   File name
   -------------------
   9.0.6508  Excel.exe
				

Word 2002

This Public Update is part of Microsoft Office XP Service Pack 2 (SP-2), but for your convenience the Public Update also is available individually. If you have already applied Office XP SP-2, you do not have to apply this Public Update. For additional information, click the article number about the latest service pack for Microsoft Office XP below to view the article about the latest service pack for Microsoft Office XP in the Microsoft Knowledge Base:
307841 OFFXP: How to Obtain the Latest Office XP Service Pack
For additional information about how public update, click the article number below to view the article in the Microsoft Knowledge Base:
323547 WD2002: Overview of Word 2002 Update: June 19, 2002
The English-language version of this fix has the file attributes (or later) that are listed in the following table:
   Version    File name     
   ----------------------
   10.0.4109  Winword.exe
				

Status

Excel 2000

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article.

Excel 2002 and Word 2002

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Office XP Service Pack 2 (SP-2).

Informazioni

For more information about this vulnerability, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms02-031.asp

Proprietà

Identificativo articolo: 324458 - Ultima modifica: giovedì 6 febbraio 2014 - Revisione: 4.2
Le informazioni in questo articolo si applicano a:
  • Microsoft Excel 2000 Standard Edition
  • Microsoft Excel 2002 Standard Edition
  • Microsoft Word 2002 Standard Edition
Chiavi: 
kbnosurvey kbarchive kbbug kbfix kboffice2000presp3fix kbofficexppresp2fix kbofficexpsp2fix kbsecurity KB324458
LE INFORMAZIONI CONTENUTE NELLA MICROSOFT KNOWLEDGE BASE SONO FORNITE SENZA GARANZIA DI ALCUN TIPO, IMPLICITA OD ESPLICITA, COMPRESA QUELLA RIGUARDO ALLA COMMERCIALIZZAZIONE E/O COMPATIBILITA' IN IMPIEGHI PARTICOLARI. L'UTENTE SI ASSUME L'INTERA RESPONSABILITA' PER L'UTILIZZO DI QUESTE INFORMAZIONI. IN NESSUN CASO MICROSOFT CORPORATION E I SUOI FORNITORI SI RENDONO RESPONSABILI PER DANNI DIRETTI, INDIRETTI O ACCIDENTALI CHE POSSANO PROVOCARE PERDITA DI DENARO O DI DATI, ANCHE SE MICROSOFT O I SUOI FORNITORI FOSSERO STATI AVVISATI. IL DOCUMENTO PUO' ESSERE COPIATO E DISTRIBUITO ALLE SEGUENTI CONDIZIONI: 1) IL TESTO DEVE ESSERE COPIATO INTEGRALMENTE E TUTTE LE PAGINE DEVONO ESSERE INCLUSE. 2) I PROGRAMMI SE PRESENTI, DEVONO ESSERE COPIATI SENZA MODIFICHE, 3) IL DOCUMENTO DEVE ESSERE DISTRIBUITO INTERAMENTE IN OGNI SUA PARTE. 4) IL DOCUMENTO NON PUO' ESSERE DISTRIBUITO A SCOPO DI LUCRO.

Invia suggerimenti

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com