Description of the Visio 2003 security update: September 14, 2004 (838345)
The information in this article applies to:
- Microsoft Office Visio Professional 2003
- Microsoft Office Visio Standard 2003
SUMMARYMicrosoft has released a software update for Microsoft Office Visio 2003. This article describes how to download and how to install the Visio 2003 security update: KB838345. INTRODUCTIONThis update fixes a
vulnerability where a specially crafted image could allow an attacker's code to
run on a user's computer because of a vulnerability in the graphics interpreter
code. Note This update is included in Microsoft Office Visio 2003 Service Pack 1 (SP1). If Visio 2003 SP1 is installed on your computer, you do not have to install Visio 2003 security update: KB838345.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
873460
How to obtain the latest service pack for Visio 2003
Microsoft has released security bulletin MS04-028. The security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the whole security bulletin, visit the following Microsoft Web site: back to the
topMORE INFORMATIONInstallation detailsDownload and install the updateClient update If you installed Visio 2003 from a CD, you have the following
two options:
- Use the Microsoft Office Update Web site to automatically
install all the latest updates that include all the available service packs and
public updates.
- Install only the Visio 2003 security update: KB838345. To do this, follow the steps that are described later in this article.
Note We recommend that you install the client update by using
the Office Update Web site. The Office Update Web site detects your
particular installation of Visio 2003 and prompts you to install exactly what you
must have to make sure that your Visio 2003 installation is up-to-date. Office Update Web site To have the Office Update Web site detect the updates
that you have to install on your computer, visit the following Microsoft Web
site: After detection is complete, you receive a list of recommended
updates for your approval. Click Start Installation to
complete the process. Install only the Visio 2003 Security Update: KB838345 To download and install the update, follow these steps:
- Download the update.
The following
file is available for download from the Microsoft Download
Center:
Download the the Visio 2003 security update:
KB838345 package now. For additional information about how to download Microsoft Support
files, click the following article number to view the article in the Microsoft
Knowledge Base: 119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most
current virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file.
Note To obtain a localized version of the Visio 2003 Security Update: KB838345, visit the following Microsoft Web site: - Click Save to save the
Visio2003-KB838345-FullFile-ENU.exe file to the selected folder.
- In Microsoft Windows Explorer, locate the folder where you
downloaded the file, and then double-click the
Visio2003-KB838345-FullFile-ENU.exe file.
- When you are prompted to install the update, click
Yes.
- Read the license agreement, and if you agree, click
Yes to accept the license agreement.
- If you are prompted to, insert the Visio 2003
installation CD into your computer's CD or DVD drive, and then
click OK.
- When you receive a message that says that the installation
was successful, click OK.
Note After you install the update, you cannot remove it. To revert to
an installation before you installed the update, you must remove Visio 2003 and
reinstall Visio 2003 again from the original CD. back to the topAdministrative updateIf you installed Visio 2003 from a server location, the server
administrator must update the server location with the administrative update
and deploy that update to your computer. If you are the server
administrator, follow these steps to download the administrative update:
- Download the update.
The following
file is available for download from the Microsoft Download
Center:
Download the the Visio 2003 security update:
KB838345 package now. For additional information about how to download Microsoft Support
files, click the following article number to view the article in the Microsoft
Knowledge Base: 119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most
current virus-detection software that was available on the date that the file
was posted. The file is stored on security-enhanced servers that help to
prevent any unauthorized changes to the file.
Note To obtain a localized version of the Visio 2003 Security Update: KB838345, visit the following Microsoft Web site: - In Microsoft Windows Explorer, create a new folder on drive C, and then name the folder KB838345.
- Click Save to save the
Visio2003-KB838345-FullFile-ENU.exe file to the C:\KB838345 folder.
- Click Start, click Run,
type cmd in the Open box, and then
click OK.
- At the command prompt, type the following lines, pressing
ENTER after each line:
cd\kb838345
Visio2003-KB838345-FullFile-ENU.exe /c /t:c:\kb838345 - Read the license agreement, and if you agree, click
Yes to accept the license agreement.
- At the command prompt, type exit to quit
Command Prompt.
- If you are familiar with the procedure for updating your
administrative installation, click Start, click
Run, type the following command in the Open
box:
msiexec /a AdminPath\MSI file /p c:\KB838345\MSP file SHORTFILENAMES=TRUE In this command, AdminPath
is the path of your administrative installation point for Visio 2003--for
example, C:\Visio2003, MSI file is the .msi
database package for Visio 2003--for example, Vispro.msi, and MSP
file is the name of the administrative update--for example,
Visio2003-KB838345-FullFile.msp.
Note You can append the /qb+ switch to the command line so that the End User License
Agreement dialog box does not appear. - To deploy the update to the client workstations, click
Start, click Run, type the following
command in the Open box:
msiexec /i AdminPath\MSI file /qb reinstall=Feature List REINSTALLMODE=vomu In this command,
AdminPath is the path of your administrative
installation point for Visio 2003--for example, C:\Visio2003, MSI
file is the MSI database package for Visio 2003--for example,
Vispro.msi, and Feature List is the case-sensitive
list of feature names that must be reinstalled for the update. To install all
the features, you can use the REINSTALL=ALL value, or you can install the following feature:
For additional information about how to update your administrative installation
and how to deploy to client workstations, click the following article number to
view the article in the Microsoft Knowledge Base: 829197
How to install updates to an administrative installation of Office 2003
For more information about how to deploy a Microsoft
Office 2003 update in a corporate environment, visit the following Microsoft
Web site: back to the topDetermine whether the update is installedThe update contains updated versions of the following files: Date Time Version Size File name
------------------------------------------------------
28-Feb-2004 10:16 6.0.3264.0 1,773,568 Gdiplus.dll
To determine whether the update is
installed on your computer, follow these steps: Note Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see your
product documentation to complete these steps.
- Click Start, and then click
Search.
- Under Search Companion, click All
files and folders.
- In the All or part of the file name box,
type Gdiplus.dll, and then click
Search.
- In the right pane, right-click the
Gdiplus.dll file, and then click Properties.
Note If more than one Gdiplus.dll file is installed on your computer,
make sure that you use the Gdiplus.dll file that is associated with Office
2003. In a standard installation of Visio 2003, the Gdiplus.dll file is located
in the following folder:C:\Program Files\Microsoft Office\Office11 - On the General tab, verify the
Created date, time, and size of the Gdiplus.dll file.
Note If the Visio 2003 security update: KB838345 is already installed
on your computer, you receive the following error message when you try to
install the Visio 2003 security update: KB838345: This
update has already been applied or is included in an update that has already
been applied. back to the
topList of issues that are fixed by the updateThe Visio 2003 security update: KB838345 fixes the following issue that was
previously not documented in the Microsoft Knowledge Base: - Vulnerability in the graphics interpreter code where a specially crafted image file could permit an attacker to run malicious code
A vulnerability in the graphics interpreter code exists
where a specially crafted image file that is inserted into a Visio 2003 drawing could
permit an attacker to run malicious code on a user's computer.
back
to the topREFERENCESIf you are an administrator, you may want to install all the required GDI+ security updates in one 'batch' process.
For additional information about how to create and use a batch file to silently install multiple GDI+ security updates, click the following article number to view the article in the Microsoft Knowledge Base:
885885
How to create and use a batch file to silently install multiple GDI+ security updates
Modification Type: | Minor | Last Reviewed: | 1/20/2005 |
---|
Keywords: | KbSECBulletin kbSecurity ATdownload kbBug kbfix kbUpdate KB838345 kbAudITPRO kbAudEndUser |
---|
|
|
©2004 Microsoft Corporation. All rights reserved.
|
|