SYMPTOMS
Microsoft has released updates for Excel 2002, Excel 2000,
and Word 2002 that apply all previously released updates for these products.
Additionally, these updates remove four newly discovered vulnerabilities:
- An Excel macro execution vulnerability that relates to how
inline macros that are associated with objects are handled. Because of this
vulnerability, macros can be executed and bypass the Macro Security Model when
the user clicks on an object in a workbook.
- An Excel macro execution vulnerability that relates to how
macros are handled in workbooks when those workbooks are opened through a
hyperlink on a drawing shape. Macros in a workbook that is opened this way can
run automatically.
- An HTML script execution vulnerability that may occur if an
Excel workbook with an XSL style sheet that contains HTML scripting is opened.
The script in the XSL style sheet could be run in the local computer
zone.
- A new variant of the "Word Mail Merge" vulnerability that
was first addressed in MS00-071. This new variant could enable an attacker's
macro code to run automatically if the user had Microsoft Access present on the
system and chose to open a mail merge document that had been saved in HTML
format.
Mitigating Factors
Excel Inline Macros Vulnerability:
- A successful attack that exploits this vulnerability would
require that the user accept and open a workbook from an attacker.
- Additionally, the user would have to click an object in the
workbook.
- There is no way for an attack that exploits this
vulnerability to be automated.
Hyperlinked Excel Workbook Macro Bypass:
- A successful attempt to exploit this vulnerability would
require that the user accept and open an attacker's workbook.
- Additionally, the user would have to click a drawing shape
that contains a hyperlink.
- An attacker's destination workbook would have to be
accessible to the user, either on the local computer or an accessible network
location.
Excel XSL Style Sheet Script Execution:
- A user would have to accept and open an attacker's workbook
to exploit this vulnerability.
- Additionally, the user would have to acknowledge a security
warning by selecting the non-default option.
Variant of MS00-071, Word Mail Merge Vulnerability:
- The Word mail merge document would have to be saved in HTML
format. Because Word is not the default handler for HTML applications, the user
would have to choose to open the document in Word, or acknowledge a security
warning.
- A successful attack requires that Microsoft Access be
installed locally.
- The attacker's data source has to be accessible to the user
across a network.
RESOLUTION
Excel 2002
This Public Update is part of Microsoft Office XP Service Pack 2
(SP-2), but for your convenience the Public Update also is available
individually. If you have already applied Office XP SP-2, you do not have to
apply this Public Update.
For more information about the latest service pack for Microsoft Office XP, click the following article number to view the article in the Microsoft Knowledge Base:
307841
How to obtain the latest Office XP service pack
For more information about the public update, click the following article number to view the article in the Microsoft Knowledge Base:
323548
Description of the Excel 2002 update: June 19, 2002
The English-language version of this fix has the
file attributes (or later) that are listed in the following table:
Version File name
----------------------
10.0.4109.0 Excel.exe
Excel 2000
The update for this problem is included in the "Excel 2000 SR-1
Update: June 19, 2002".
For more information about how to obtain this update and how to install it, click the following article number to view the article in the Microsoft Knowledge Base:
324126
Description of the Excel 2000 SR-1 update: June 19, 2002
The English-language
version of this fix has the file attributes (or later) that are listed in the
following table:
Version File name
-------------------
9.0.6508 Excel.exe
Word 2002
This Public Update is part of Microsoft Office XP Service Pack 2
(SP-2), but for your convenience the Public Update also is available
individually. If you have already applied Office XP SP-2, you do not have to
apply this Public Update.
For more information about the latest service pack for Microsoft Office XP, click the following article number to view the article in the Microsoft Knowledge Base:
307841
How to obtain the latest Office XP service pack
For more information about the public update, click the following article number to view the article in the Microsoft Knowledge Base:
323547
Description of the Word 2002 Update: June 19, 2002
The English-language version of this fix has the
file attributes (or later) that are listed in the following table:
Version File name
----------------------
10.0.4109 Winword.exe
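
The three version tables above can be turned into a patch-level check. The following is an added example, not part of the original article or any Microsoft tooling: the function name Test-OfficeBuild, the host names, and the sample version strings are assumptions constructed for illustration. Only the minimum builds come from the tables in this article.

```powershell
# Minimum patched builds from the version tables in this article.
# Keyed by file name and major version, because Excel.exe exists in both
# the 9.x (Excel 2000) and 10.x (Excel 2002) product lines.
$MinimumBuild = @{
    'excel.exe|9'    = [version]'9.0.6508.0'
    'excel.exe|10'   = [version]'10.0.4109.0'
    'winword.exe|10' = [version]'10.0.4109.0'
}

# Hypothetical helper: classifies one file name and version string.
function Test-OfficeBuild {
    param(
        [Parameter(Mandatory = $true)][string]$FileName,
        [Parameter(Mandatory = $true)][string]$FileVersion
    )
    # Pad three-part strings such as "9.0.6508" to four parts; an unpadded
    # [version] has Revision -1 and would sort below "9.0.6508.0".
    $parts = @($FileVersion.Trim() -split '\.')
    while ($parts.Count -lt 4) { $parts += '0' }
    try   { $v = [version]($parts[0..3] -join '.') }
    catch { return 'Unparseable' }

    # Products or product lines this article does not list (for example a
    # 9.x Winword.exe) are reported separately instead of being passed.
    $key = '{0}|{1}' -f $FileName.ToLower(), $v.Major
    if (-not $MinimumBuild.ContainsKey($key)) { return 'NotCovered' }
    if ($v -ge $MinimumBuild[$key]) { return 'Patched' }
    return 'NeedsUpdate'
}

# Constructed sample inventory (host names and version strings are made up).
$inventory = @(
    [pscustomobject]@{ Computer = 'WS01'; File = 'Excel.exe';   Version = '10.0.4109.0' }
    [pscustomobject]@{ Computer = 'WS02'; File = 'Excel.exe';   Version = '10.0.2614.0' }
    [pscustomobject]@{ Computer = 'WS03'; File = 'EXCEL.EXE';   Version = '9.0.6508' }
    [pscustomobject]@{ Computer = 'WS04'; File = 'Winword.exe'; Version = '10.0.3416.0' }
    [pscustomobject]@{ Computer = 'WS05'; File = 'Winword.exe'; Version = '9.0.2720' }
)

$inventory | Select-Object Computer, File, Version,
    @{ Name = 'Status'; Expression = { Test-OfficeBuild -FileName $_.File -FileVersion $_.Version } }
```

To check a file on disk instead of an inventory row, pass the version string read from (Get-Item $path).VersionInfo as -FileVersion.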