XL97: Excel 97 SR-2 Macro Modification Security Update (MS02-031) (325746)


The information in this article applies to:

  • Microsoft Excel 97 for Windows
  • Microsoft Visual Studio, Enterprise Edition 6.0
This article was previously published under Q325746

SYMPTOMS

The Microsoft Excel vulnerabilities that are outlined in the Microsoft Security Bulletin MS02-031 include the following two items that also apply to Excel 97:
  • An Excel macro execution vulnerability that relates to how inline macros that are associated with objects are handled. Because of this vulnerability, macros can be executed and bypass the Macro Security Model when the user clicks on an object in a workbook.
  • An Excel macro execution vulnerability that relates to how macros are handled in workbooks when those workbooks are opened through a hyperlink on a drawing shape. Macros in a workbook that is opened this way can run automatically.

RESOLUTION

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
   Date        Time     Version    Size       File name     
   ----------------------------------------------------
   24-JUL-2002 12:43:38 8.0.1.9901 5,621,008  Excel.exe

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

Office 97 users should be aware that Office 97 was developed in an era when the security threat was very different, and Office 97 does not include any of the improved security architecture of more recent versions of Office, such as Macro and e-mail attachment security. For best security, we recommend that customers use Office XP.

For additional information about Microsoft recommendations to customers who are concerned with security issues in Microsoft Office 97, click the article number below to view the article in the Microsoft Knowledge Base:

310365 OFF97: Office 97 Macro Security Recommendations

Modification Type:MinorLast Reviewed:9/27/2005
Keywords:kbHotfixServer kbQFE kbbug kbfix kbQFE KB325746
©2004 Microsoft Corporation. All rights reserved.