MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office could allow remote code execution

Article translations Article translations
Article ID: 973965 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

Microsoft has released security bulletin MS09-060. To view the complete security bulletin, visit one of the following Microsoft Web sites:

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

MORE INFORMATION

Known issues and additional information about this security update

For more information about this security update and for information about any known issues with specific releases of this software, click the following article numbers to view the articles in the Microsoft Knowledge Base:
972363 MS09-060: Description of the security update for Outlook 2007: October 13, 2009
973702 MS09-060: Description of the security update for Microsoft Outlook 2002: October 13, 2009
973705 MS09-060: Description of the security update for Outlook 2003: October 13, 2009
973709 MS09-060: Description of the security update for Visio Viewer 2007: October 13, 2009
974234 MS09-060: Description of the security update for the 2007 Office system: October 13, 2009
974554 MS09-060: Description of the security update for Office 2003: October 13, 2009
974556 MS09-060: Description of the security update for Office XP: October 13, 2009

Where is the update for Visio Viewer 2002 and Visio Viewer 2003?

We recommend that all users of Visio Viewer 2003 and Visio Viewer 2003 upgrade to the latest, free version of Visio Viewer 2007 to address this security vulnerability. Users who cannot upgrade should apply the update from MS09-034. This Internet Explorer update mitigates the attack vector for affected Visio Viewer platforms. Users may also apply the kill bit for the affected control by using the procedures that are listed in the workaround sections of this bulletin. A kill bit for these controls will be included in a future cumulative security update for Internet Explorer.

For more information about the cumulative security update for Internet Explorer, MS09-034, click the following article number to view the article in the Microsoft Knowledge Base:
972260 MS09-034: Cumulative security update for Internet Explorer

Why are Knowledge Base articles 974554, 974556, and 974234 not listed in the security bulletin?

These packages do not contain security updates and do not correct any security-related issues. However, these updates resolve a problem that can cause programs that use Outlook View Control with Forms 2.0, such as Microsoft Office Outlook with Business Contact Manager, to stop functioning as expected after Security Update. If you use Outlook View Control with Forms 2.0, we encourage you to apply these updates after installing the security update

Properties

Article ID: 973965 - Last Review: May 23, 2012 - Revision: 4.0
APPLIES TO
  • Microsoft Office 2003 Service Pack 3, when used with:
    • Microsoft Office Basic Edition 2003
    • Microsoft Office Professional Edition 2003
    • Microsoft Office Professional Enterprise Edition 2003
    • Microsoft Office Standard Edition 2003
    • Microsoft Office Student and Teacher Edition 2003
    • Microsoft Office Outlook 2003
  • Microsoft Office Visio Viewer 2007
  • 2007 Microsoft Office Suite Service Pack 1, when used with:
    • Microsoft Office Basic 2007
    • Microsoft Office Enterprise 2007
    • Microsoft Office Professional 2007
    • Microsoft Office Small Business 2007
    • Microsoft Office Standard 2007
    • Microsoft Office Ultimate 2007
    • Microsoft Office Visio Viewer 2007
    • Microsoft Office Outlook 2007
  • 2007 Microsoft Office Suite Service Pack 2, when used with:
    • Microsoft Office Basic 2007
    • Microsoft Office Enterprise 2007
    • Microsoft Office Professional 2007
    • Microsoft Office Small Business 2007
    • Microsoft Office Standard 2007
    • Microsoft Office Ultimate 2007
    • Microsoft Office Visio Viewer 2007
    • Microsoft Office Outlook 2007
Keywords: 
atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability kbsurveynew KB973965

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com