Updates for Microsoft Office Products
Microsoft Office 2000, Microsoft Office XP, Microsoft Visio 2002
If you use Office 2000, Office XP, Visio 2002, or individual Office products that are not previously listed, you must use one of the custom update security patches for these products. These updates are designed to make sure that correct patching occurs when you use Install on Demand
and Detect and Repair
in Office setup. Microsoft recommends that you use this method for updating these products.
For additional information about these packages, click the following article number to view the article in the Microsoft Knowledge Base:
MS03-037: Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution
Microsoft Works Suite
If you use Microsoft Works Suite, Microsoft recommends that you install the security patch by using the Office Product Updates Web site. The Office Product Updates Web site detects your particular Office installation and then prompts you to install exactly what you must have to make sure that your Office installation is completely up-to-date.
For additional information about Office Product Updates and to detect the required updates that you must install on your computer, visit the following Microsoft Web site:
After detection is complete, you receive a list of recommended updates for your approval. Click Start Installation
to complete the process.Note
If you are using Microsoft Works Suite, you may also update your system with the security patch that is available from this article.
Microsoft Visio 2000 or Microsoft Office 97
If you are using Visio 2000 or Office 97, you must immediately update your system with the security patch that is available from this article.Note
If you use a Microsoft Office 2003 family product, you have this security patch already, and you do not have to update your system.
Security Patch Information
The following security patch is intended for any application that has integrated VBA by using the Microsoft Visual Basic for Applications Software Development Kit (VBA SDK) version 5.0, version 6.0, version 6.1, version 6.2, or version 6.3. Microsoft recommends that companies that have licensed and that have built VBA-enabled applications must use this security patch for all new installations. Those companies may freely distribute the fix and the files in a manner that is suitable for their application setup.
Microsoft recommends that all VBA clients must update their version of the VBA engine (VBE or VBE6) as soon as possible. Clients who have a VBA-enabled application must contact the application maker to verify if a specialized security patch or an inclusive update is available for that application. If a specialized security patch or an inclusive update is not yet available, or if the product is one of the previous Microsoft products, you must download and then install the following security patch.
The following files are available for download from the MicrosoftDownload Center:
Release Date: September 3, 2003
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
Close all applications that use VBA, and then run the update. You are prompted to confirm the setup. You do have to restart unless VBA is in use by another process. Developers who want to obtain the security patched version of VBE or VBE6 without installing the security patch can do so by using the appropriate Setup switch.
This security patch supports the following Setup switches:
- /q: Quiet mode (Suppresses dialog boxes when files are being extracted.)
- /q:u: Quiet mode (There is limited prompting to the user.)
- /q:a: Administrative Quiet mode (There are no dialog boxes.)
- /c: Extract files without installing them. (If the /t switch is not present, you are prompted for the path.)
- /t:[path]: Path of the extract files (This is used with the /c switch.)
- /r:a: Always restart the computer after installation.
- /r:n: Never restart the computer after installation.
- /r:s: Restart the computer without prompting the user.
- /n:v: No version checking (Always install over the existing version.)
You can combine these Setup switches in one command line.
There is no feature to remove this security patch. If you must roll back the security patch, you must rename your existing copies of VBE or VBE6 before you run the setup.
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone
tab in the Date and Time tool in Control Panel.
Applications That Use VBA 6.0 (or later)
Date Time Version Size File name -------------------------------------------------------------- 04-Jun-2003 15:42 8,725 Eula.txt 03-Jul-2003 20:19 220.127.116.11 2,502,656 Vbe6.dll
Applications That Use VBA 5.0
Date Time Version Size File name -------------------------------------------------------------- 11-Jun-2003 15:05 18.104.22.168 749,568 Vbe.dll 04-Jun-2003 10:42 8,725 Eula.txt
Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed at the beginning of this article .