Description of the Office 2003 security update: September 14, 2004 (838905)


The information in this article applies to:

  • Microsoft Office Professional Edition 2003
  • Microsoft Office Excel 2003
  • Microsoft Office FrontPage 2003
  • Microsoft Office Outlook 2003
  • Microsoft Office PowerPoint 2003
  • Microsoft Office Publisher 2003
  • Microsoft Office Word 2003
  • Microsoft Office Standard Edition 2003
  • Microsoft Office Student and Teachers Edition 2003
  • Microsoft Office Small Business Edition 2003
  • Microsoft Office Basic Edition 2003
  • Microsoft Office Access 2003

SUMMARY

Microsoft has released an update to Microsoft Office 2003. This article describes how to download and how to install the Office 2003 security update: KB838905.

This update was first included in Office 2003 Service Pack 2.

For more information about the latest service pack for Office 2003, click the following article number to view the article in the Microsoft Knowledge Base:

870924How to obtain the latest service pack for Office 2003

INTRODUCTION

The Office 2003 security update: KB838905 offers the highest level of reliability that is available for Office 2003. This update fixes a vulnerability where a specially crafted image could allow an attacker's code to run on a user's computer because of a security vulnerability in the graphics interpreter code.

Microsoft has released security bulletin MS04-028. The security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the whole security bulletin, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx

MORE INFORMATION

Download and install the update

Client update

If you installed Office 2003 from a CD-ROM, you have the following two options:
  • Use the Microsoft Office Update Web site to automatically install all the latest updates that include all the available service packs, security updates, and updates.
  • Install only the Office 2003 security update: KB838905. To do this, follow the steps that are listed later in this article.
Note We recommend that you install the client update by using the Office Update Web site. The Office Update Web site detects your particular installation of Microsoft Office and prompts you to install exactly what you must have to make sure that your Office installation is up-to-date.

Office Update Web site

To have the Office Update Web site detect the updates that you must install on your computer, visit the following Microsoft Web site and then click Check for Updates:

http://office.microsoft.com/officeupdate/default.aspx

After detection is complete, you receive a list of recommended updates for your approval. Click Start Installation to complete the process.

Install only the Office 2003 security update: KB838905

To download and install the client update, follow these steps:
  1. Download the update.

    The following file is available for download from the Microsoft Download Center:

    DownloadDownload the Office 2003 Security Update: KB838905 client package now.
    Release Date: September 14, 2004

    For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

    119591 How to obtain Microsoft support files from online services

    Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
    Note To obtain a localized client version of the Office 2003 security update: KB838905, visit the following Microsoft Web site:

    http://www.microsoft.com/downloads/details.aspx?FamilyId=106BCF99-1BA9-4035-94C5-2A7FA90E5971

  2. Click Open to start the download and installation of the Office2003-kb838905-client-enu.exe file.
  3. If you are prompted to install the update, click Yes.
  4. Click Yes to accept the license agreement.
  5. Insert your Office 2003 CD-ROM when you are prompted to, and then click OK.
  6. When you receive a message that indicates that the installation was successful, click OK.
Note After you install the update, you cannot remove it. To revert to an installation before you installed the update, you must remove Office 2003 and reinstall it from the original CD-ROM.

Administrative update

If you installed Office 2003 from a server location, the server administrator must update the server location with the administrative update and deploy that update to your computer.

If you are the server administrator, follow these steps to download the administrative update:
  1. In Microsoft Windows Explorer, create a new folder and name it KB838905.
  2. Download the update.

    The following file is available for download from the Microsoft Download Center:

    DownloadDownload the Office 2003 security update: KB838905 full-file package now.
    Release Date: September 14, 2004

    For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

    119591 How to obtain Microsoft support files from online services

    Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
    Note To obtain a localized full-file version of the Office 2003 security update: KB838905, visit the following Microsoft Web site:

    http://www.microsoft.com/downloads/details.aspx?FamilyId=106BCF99-1BA9-4035-94C5-2A7FA90E5971

  3. Click Save to save the Office2003-kb838905-fullfile-enu.exe file in the KB838905 folder.
  4. In Windows Explorer, double-click the Office2003-kb838905-fullfile-enu.exe file.
  5. If you are prompted to install the update, click Yes.
  6. Click Yes to accept the license agreement.
  7. In the Type the location where you want to put the extracted files box, type c:\kb838905, and then click OK.
  8. If you are familiar with the procedure for updating your administrative installation, click Start, click Run, type the following command in the Open box:

    msiexec /a admin path\MSI file /p c:\kb838905\MSP file shortfilenames=true

    In this command, admin path is the path of your administrative installation point for Office 2003--for example, C:\Office2003, MSI file is the .msi database package for the Office 2003 product--for example, Pro11.msi, and MSP file is the name of the administrative update--for example, gdiplus-FullFile-GLB.msp.

    Note You can append the /qb+ switch to the command line so that the Office 2003 Administrative Installation dialog box and the End User License Agreement dialog box do not appear.
  9. To deploy the update to the client workstations, click Start, click Run, type the following command in the Open box:

    msiexec /i admin path\MSI file reinstall=Feature List REINSTALLMODE=VOMU

    In this command, admin path is the path of your administrative installation point for Office 2003--for example, C:\Office2003, MSI file is the MSI database package for the Office 2003 product--for example, Pro11.msi, and Feature List is the case-sensitive list of feature names that must be reinstalled for the update. To install all the features, you can use the REINSTALL=ALL value, or you can install the following feature:

    ProductNonBootFiles

For additional information about how to update your administrative installation and how to deploy to client workstations, click the following article number to view the article in the Microsoft Knowledge Base:

829197 How to install updates to an administrative installation of Office 2003

Determine whether the update is installed

The update contains updated versions of the following files:
   File name    Version
   -----------------------
   Gdiplus.dll  6.0.3264.0
To determine the version of the Gdiplus.dll file that is installed on your computer, follow these steps.

Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
  1. Click Start, and then click Search.
  2. In the Search Results pane, click All files and folders under Search Companion.
  3. In the All or part of the file name box, type Gdiplus.dll, and then click Search.
  4. In the list of files, right-click Gdiplus.dll, and then click Properties.
  5. On the Version tab, determine the version of the Gdiplus.dll file that is installed on your computer.
Note If the Office 2003 security update: KB838905 is already installed on your computer, you receive the following error message when you try to install the Office 2003 security update: KB838905:
This update has already been applied or is included in an update that has already been applied.

List of issues that are fixed by the update

The Office 2003 security update: KB838905 fixes the issues that are described in the following Microsoft Knowledge Base articles:

837256 Description of Office 2003 hotfix package: March 19, 2004

831939 Description of the Office 2003 hotfix package: January 29, 2004




The Office 2003 security update: KB838905 fixes the following issue that was not previously documented in the Microsoft Knowledge Base:
  • Office program quits unexpected when you insert a JPEG image

    When you insert a JPEG image into an Office program, the Office program may quit unexpectedly and arbitrary code could run.

REFERENCES

If you are an administrator you may want to install all required GDI+ security updates in one 'batch' process.
For additional information about how to create and use a batch file to silently install multiple GDI+ security updates, click the following article number to view the article in the Microsoft Knowledge Base:

885885 How to create and use a batch file to silently install multiple GDI+ security updates

Modification Type:MinorLast Reviewed:2/13/2006
Keywords:kbOffice2003SP2fix KbSECBulletin ATdownload kbSecurity kbQFE kbUpdate KB838905 kbAudEndUser kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.