WD2002: Malformed Word Document Could Enable Macro to Run Automatically (302294)


The information in this article applies to:

  • Microsoft Word 2002
This article was previously published under Q302294

SUMMARY

Microsoft has released an update that eliminates a security vulnerability in Microsoft Word 2002. This update, the Word 2002 Update: June 21, 2001, eliminates a security vulnerability that could allow certain macros to run in malformed documents without a warning to the user.

This update is also described in the following Microsoft security bulletin, "Microsoft Security Bulletin MS01-034: Malformed Word Document Could Enable Macro to Run Automatically":

http://www.microsoft.com/technet/security/bulletin/MS01-034.mspx

MORE INFORMATION

To correct this problem, download and install the latest update for Word 2002. The latest update includes this and other Word-specific updates. For additional information about the Word 2002 Update: June 21, 2001, click the article number below to view the article in the Microsoft Knowledge Base:

300553 WD2002: Overview of the Word 2002 Public Update: June 14, 2001

How to Download and Install the Update

Client Update

If you installed Word from CD-ROM, follow these steps to download and install the client update:
  1. Using your Web browser, browse to the following Microsoft Web site:

    http://office.microsoft.com/downloads/2002/wrd1001.aspx

  2. Click Download Now. Click Save this program to disk, and then click OK.
  3. Click Save to save the Wrd1001.exe file to the selected folder.
  4. In Windows Explorer, double-click Wrd1001.exe.
  5. If you are prompted to install the update, click Yes.
  6. Click Yes to accept the License Agreement.
  7. Insert your Office XP CD-ROM when you are prompted to do so, and then click OK.
  8. When you receive a message that indicates the installation was successful, click OK.
NOTE: After you install the public update, you cannot uninstall it.

Administrative Update

If you installed Word from a server location, the server administrator must update the server location with the administrative public update and deploy that update to your computer.

If you are the server administrator, follow these steps to download the administrative update:
  1. Browse to following Microsoft Web site:

    http://download.microsoft.com/download/OfficeXPProf/Patch/5.0.2919.6304.wd/W982KMeXP/EN-US/WRD1001a.exe

  2. Download the file to your desktop.
  3. In Windows Explorer, double-click the Wrd1001a.exe file.
  4. Click Yes to accept the License Agreement.
  5. In the Please type the location where you want to place the extracted files box, type C:\wrd1001a, and then click OK. Click Yes when you are prompted to create the folder.
If you are familiar with the procedure for updating your administrative installation, click Start and then click Run. Type the following command in the Open box

msiexec /a Admin Path\MSI File /p C:\wrd1001a\winword_admin.msp SHORTFILENAMES=1

where Admin Path is the path to your administrative installation point for Office XP (for example, C:\OfficeXP), and

where MSI File is the MSI database package for the Office XP product (for example, ProPlus.msi).

To deploy the update to the client workstations, click Start and then click Run. Type the following command in the Open box

msiexec /i Admin Path\MSI File REINSTALL=WORDFiles REINSTALLMODE=vomus

where Admin Path is the path to your administrative installation point for Office XP (for example, C:\OfficeXP), and

where MSI File is the MSI database package for the Office XP product (for example, ProPlus.msi).

For additional information about how to update your administrative installation and deploy to client workstations, click the article number below to view the article in the Microsoft Knowledge Base:

301348 OFFXP: How to Install a Public Update to Administrative Installations

This article contains standard instructions for installing an administrative public update.

Or, you can refer to the following article in the Microsoft Office XP Resource Kit:

http://www.microsoft.com/office/ork/xp/journ/Wdxp6-21.htm

How to Determine Whether the Update Is Installed

The update affects the file Winword.exe and updates the version of Microsoft Word 2002 to version 10.2930.2625. Click About Microsoft Word on the Help menu in Microsoft Word to determine the version.

Files Contained in Wrd1001.exe

If you download Wrd1001.exe and manually extract the files by using a command line similar to the following

C:\Windows\Desktop\wrd1001.exe /c /t:C:\wrd1001

the following files will be listed in the C:\wrd1001 folder:

Ohotfix.exe
Ohotfix.ini
Ohotfixr.dll
Winword.msp

How to Get an Update Log File

By default, the "Word 2002 Update: June 21, 2001" installation creates two log files during the update. The log files are created in your \Temp\OHotfix folder and have names similar to the following:

OHotfix(00001).log
OHotfix(00001)_Msi.log

You may have more than one pairing of log files with these names, with the only difference being the number in the names. The highest numbered pair corresponds to the update that you ran most recently.

REFERENCES

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

301405 OAER: Word 2002 Stops Responding When You Insert AutoShape

300935 OAER: Outlook Quits Unexpectedly After You Send a Message Using Word Mail

300937 OAER: Word 2002 Stops Responding When Function Keys Are Used to Repeat AutoText Insertion

300428 WD2002: Heading Numbers Do Not Appear in Table of Contents

Modification Type:MinorLast Reviewed:7/27/2006
Keywords:kbdownload kbhowto KB302294
©2004 Microsoft Corporation. All rights reserved.