You are currently offline, waiting for your internet to reconnect

PPT97: Update Available for HTML Script Vulnerability

This article was previously published under Q268477
This article has been archived. It is offered "as is" and will no longer be updated.
Microsoft has released an update that eliminates a security vulnerability in Microsoft PowerPoint 97. Microsoft recommends that all users of PowerPoint 97 consider installing the PowerPoint 97 Add-In Security Update.

This vulnerability could allow a malicious Web site operator to save a file to a visitor's local hard disk without the visitor's knowledge. The file could then be used to execute various malicious tasks.

Product Versions Affected

All versions of Microsoft PowerPoint 97 can potentially be exploited through this security threat.

Update Availability

To obtain the PowerPoint 97 Add-In Security Update, please browse to the following Microsoft Web site and follow the download instructions: NOTE: There is a separate update for Office 2000, both PowerPoint and Excel. For additional information about the update for Office 2000, PowerPoint and Excel, click the article number below to view the article in the Microsoft Knowledge Base:
268457 PPT2000: Update Available for HTML Script Vulnerability

How to Download and Install the Update

Before you begin the installation, you must shut down all running programs, including Microsoft Office, Microsoft Project, and the Microsoft Office Shortcut Bar.
  1. Point your Web browser to the following Web site:
  2. Click Download Now!. Click Save this program to disk, and then click OK.
  3. Click Save to save the PPt97sec.exe file in the selected folder.
  4. In Windows Explorer, double-click PPt97sec.exe.
  5. Click Yes when you are asked whether you want to continue installing this update.
  6. Click Yes to accept the License Agreement.
  7. Click OK in the alert that indicates that the installation was successful.
IMPORTANT: After this update is applied, it cannot be uninstalled.

How to Verify That the Update Is Successful

The only changes made to Microsoft PowerPoint 97 are in the registry.

Files Contained in the PP97sec.exe Download

If you download PP97sec.exe and manually extract the files by using a command line similar to the following
C:\Downloads\PP97sec.exe /c /t:C:\PP97sec
the following files will be listed in the C:\PP97sec folder:
Frequently asked questions and answers about this vulnerability and the update can be found at the following Microsoft Web site:
hole hack sploit ppt97 patch ppt9

Article ID: 268477 - Last Review: 10/20/2013 23:28:37 - Revision: 2.4

Microsoft PowerPoint 97 Standard Edition

  • kbnosurvey kbarchive kbdownload kbfaq kbfix kbinfo KB268477