MS09-073: Description of the security update for Office 2003: December 8, 2009
Microsoft has released security bulletin MS09-073. To view the complete security bulletin, visit one of the following Microsoft Web sites:
- Home users:Skip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now:
- IT professionals:
How to obtain help and support for this security updateHelp installing updates: Support for Microsoft Update
Security solutions for IT professionals: TechNet Security Troubleshooting and Support
Help protect your computer that is running Windows from viruses and malware:Virus Solution and Security Center
Local support according to your country: International Support
More information about this security update
Known issues with this security updateThe Html32.cnv file is installed from any one of the following sources:
- Microsoft Windows NT 4.0
- Microsoft Windows 2000
- Windows Server 2003
- Windows XP
- Microsoft Office FrontPage 2003 (Html32.cnv only)
- A version of Microsoft Office 2003 that includes FrontPage 2003 (Html32.cnv only)
If Office is not installed, the Office update will not install on the computer. WordPad or Office will not use these converter files, although they remain present on the system.
By default, if Office is installed, the Mswrd832.cnv and Msconv97.dll files are installed only on first use by Office. The files in the TextConv location may not be the Office versions of the files but the operating system versions.
After you install this security update, the Mswrd832.cnv and Msconv97dll files may not be updated. However, the update will install the updated files in the MSOCache. The first time that you open a Word file, the updated converter will be installed into the TextConv location. This is by design.
Note The HTML32.cnv file may not be updated if you are running a version of Office 2003 that does not include FrontPage.
Am I still vulnerable after I apply this update?
No. WordPad uses the WPC files in the TextConv location to open files. When Office requests a relevant file to be loaded, the latest copy that was updated by the security update will be installed from MSOCache.
Prerequisites to install this security updateTo apply this security update, you must have Office 2003 Service Pack 3 (SP3) installed.
For more information about how to obtain this service pack, click the following article number to view the article in the Microsoft Knowledge Base:
870924 How to obtain the latest service pack for Office 2003
Removal informationTo remove this security update, use the Add or Remove Programs item in Control Panel.
The English (United States) version of this security update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Microsoft Office 2003
update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted denial of service DoS TSE
Article ID: 975051 - Last Review: 05/08/2012 22:04:00 - Revision: 3.0
Microsoft Office Basic Edition 2003, Microsoft Office Professional Edition 2003, Microsoft Office Standard Edition 2003
- kboffice2003sp3fix kbsurveynew kbfix kbbug kbsecvulnerability kbsecbulletin kbsecurity kbqfe kbexpertiseinter KB975051