Microsoft has released an update to Microsoft Office 2003. A vulnerability could allow arbitrary code to run when the system uses the converter to open a maliciously crafted document. The update resolves this vulnerability so that the files that the converter opens are handled appropriately. Note
This update is included in the Microsoft Office 2003 Service Pack 1 (SP1). If Office 2003 SP1 is installed on your computer, you do not have to install a security update for Microsoft Office 2003: WordPerfect 5.x Converter (KB873378).
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
870924back to the top
How to obtain the latest service pack for Office 2003
Security update detailsList of issues that this security update fixes
The security update for Microsoft Office 2003: WordPerfect 5.x Converter (KB873378) fixes the following issue that was not previously documented in the Microsoft Knowledge Base.
WordPerfect 5.x Convertor vulnerability
A vulnerability exists in the WordPerfect 5.x Converter that may enable arbitrary code to run when an Office 2003 program uses this converter to open a maliciously crafted document. back to the topInstallation detailsHow to obtain and install the security update
You can obtain the client and administrative security updates and the installation instructions and deployment strategies in the Microsoft Download Center. To download this security update from the Microsoft Download Center, visit the following Web site:back to the topHow to determine whether the security update is installed
The security update contains files with the versions that are listed in the following table:
File name Version ---------------------------------- Msconv97.dll 2003.1100.6252.0 Wpft532.cnv 2003.1100.6252.0
You do not have to install this security update if you have a later version of the files that are listed in the table.
For additional information about how to determine the version of WordPerfect 5.x convertor that is installed on your computer, click the following article number to view the article in the Microsoft Knowledge Base:
821549back to the topInformation for administrators about .msp files
How to check the version of Office 2003
The administrative security update is made up of a full-file Microsoft Windows Installer patch file (.msp file) that is packaged in a self-extracting executable file. The following .msp file is distributed in this security update:
Msconvff.mspback to the topFeatures for reinstalling specific components for administrators
If you update your administrative installation point and recache and reinstall Office 2003 on client computers, you can run a command line that includes the REINSTALL=[list of features]
property. This property specifies whether you want to reinstall specific components of Office 2003 from the administrative image. For security update for Microsoft Office 2003: WordPerfect 5.x Converter (KB873378), the value for [list of features
] is as follows.
Optionally, you can substitute the parameter REINSTALL=ALL
to reinstall all Microsoft Office components on the client computer.
For detailed procedures about how to update an administrative image and how to update client computers, see the "Updating clients from a patched administrative image" section in the "Distributing Office 2003 Product service packs" topic. To view the "Distributing Office 2003 Product service packs" topic, visit the following Microsoft Web site:
The Office Admin Update Center for Office IT Professionals contains the latest administrative updates and strategic deployment resources for all versions of Office. For more information about the Office Admin Update Center, visit the following Microsoft Web site:back to the top
WordPerfect 5.x Converter Office Security Patch Performance Reliability Update Download 2003 Fix