MS06-059: Vulnerabilities in Excel could allow remote code execution

Support for Office 2003 has ended

Microsoft ended support for Office 2003 on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article has been archived. It is offered "as is" and will no longer be updated.
INTRODUCTION
Microsoft has released security bulletin MS06-059. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites, depending on whether you are a home user or an IT professional:

Information about the re-release version of security update 923089 for Excel 2002 (December 12, 2006)

Summary

Some Microsoft Excel 2002 users who have Microsoft Windows Installer 2.0 installed received indication that the original version of security update 923089 for Excel 2002 was installed successfully. However, the actual binary file, Excel.exe, was not updated to the secure version. The re-release version of security update 923089 for Excel 2002 corrects this issue.

To determine whether you are in this state, verify the version of Excel.exe that you have installed. You are affected by this issue if you installed the original version of security update 923089 for Excel 2002, and if the file version is still earlier than 10.0.6816.0. In this case, you must install the re-release version of security update 923089 for Excel 2002.

Question and answer

Q: Why am I offered the re-release version of security update 923089 for Excel 2002 on Microsoft Update and Office Update even though I am not affected by the issue?

A: This re-released update supersedes the earlier Excel 2002 update. Therefore, the detection automatically offers the latest update to all users. If you are not affected by this issue, you do not have to install the re-release version of security update 923089 for Excel 2002.

Issues that the security update fixes

In addition to the issues that are described in the security bulletin, this security update addresses the issues that are described in the following Microsoft Knowledge Base articles:
  • 923090 Description of the security update for Excel 2000: October 10, 2006
  • 923089 Description of the security update for Excel 2002: October 10, 2006
  • 923088 Description of the security update for Excel 2003: October 10, 2006
  • 923275 Description of the security update for Excel Viewer 2003: October 10, 2006
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE WinNT Win2000
Properties

Article ID: 924164 - Last Review: 01/16/2015 02:03:15 - Revision: 2.2

  • Microsoft Office Excel 2003
  • Microsoft Office Excel Viewer 2003
  • Microsoft Excel 2002 Standard Edition
  • Microsoft Excel 2000 Standard Edition
  • Microsoft Excel 2004 for Mac
  • Microsoft Excel X for Mac
  • Microsoft Works Suite 2006
  • Microsoft Works Suite 2005
  • Microsoft Works Suite 2004
  • kbnosurvey kbarchive kbexpertisebeginner kbqfe kbsecurity kbsecbulletin kbsecvulnerability kbbug kbfix kbpubtypekc kboffice2003presp3fix KB924164
Feedback