MS05-005: Vulnerability in Microsoft Office XP could allow remote code execution (873352)


The information in this article applies to:

  • Microsoft Office XP Professional
  • Microsoft Office XP Developer
  • Microsoft Office XP Standard
  • Microsoft Office XP Small Business
  • Microsoft Office XP Students and Teachers
  • Microsoft Access 2002
  • Microsoft Excel 2002
  • Microsoft Outlook 2002
  • Microsoft PowerPoint 2002
  • Microsoft Publisher 2002
  • Microsoft Word 2002
Microsoft has released security bulletin MS05-005. The security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the complete security bulletin, visit the following Microsoft Web site:

Home Users:

http://www.microsoft.com/athome/security/update/bulletins/default.mspx

IT Professionals:

http://www.microsoft.com/technet/security/bulletin/ms05-005.mspx

Project 2002

Microsoft has released an update Microsoft Project 2002 which resolves the issues described in MS05-005 on computers with Microsoft Project 2002 installed. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

873355 Description of the Security Update for Microsoft Project 2002: February 8, 2005

Visio 2002

Microsoft has released an update to Microsoft Visio 2002 which resolves the issues described in MS05-005 on computers with Microsoft Visio 2002 installed. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

873354 Description of the Security Update for Microsoft Visio 2002: February 8, 2005

Known issues that may occur after the update is installed

Installation of Visio 2002 from an administrative installation point fails after you update the administrative installation point to add the MS05-005 security update. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

895926 Visio 2002 Service Pack 2 is not installed on client computers after you apply the MS05-005 security update to an administrative installation point

List of issues that this security update fixes

In addition to the issues that are described in the security bulletin, the Security Update for Microsoft Office XP (KB873352) addresses the following Office issues that were not previously documented in the Microsoft Knowledge Base. Vulnerability opening a document from a Web site When you open a document from a Web site, a malicious user can craft the document in such a way that by opening the file, this user may gain access to your computer through malicious code. Additionally, you may receive the following error message when this situation occurs:

The exception unknown software exception (0xc0000409) occurred in the application at location 0x00000000.

Click on OK to terminate the program
Click on CANCEL to debug the program
All the objects that are in the presentation do not appear in the slide showWhen you start a Microsoft PowerPoint 2002 slide show through Automation or script, all the objects that are in the presentation do not appear in the slide show.

You cannot type the local folder address in the Address box in Microsoft Outlook 2002When you try to open a local folder on your computer by typing the folder address in the Address box on the Web toolbar in Outlook 2002, the folder does not open, and the address that you typed in the Address box changes from drive_letter:\path to outfat:string_of_numbers.

Hyperlinks to other documents become corrupted.In an Office XP document, you click a hyperlink to open another Office XP document or another file on the same server or computer. The file is in a different folder from the folder that contains the Office XP document that has the hyperlink. When you click the hyperlink, you may receive the following error message:
The address of this site is not valid. Check the address and try again.
Smart tags are not removed from an e-mail message even though the feature is disabledIf you clear the Save smart tags in e-mail check box in the Microsoft Word 2002 E-mail Options dialog box, and then send a document that contains smart tags as an e-mail message, the smart tags are not removed from the e-mail message.

Known issues during installation of the update

This section describes the known issues that occur during the installation of the Security Update for Microsoft Office XP (KB873352).

The Ietag.dll file is not updated as expected

After you install the Security Update for Microsoft Office XP (KB873352), you may find that the version number is not the version number that is included in this security update when you verify the version of the Ietag.dll file. The version number for the Ietag.dll file for the Security Update for Microsoft XP (KB873352) is 10.0.6731.

This issue occurs on computers that either currently have Microsoft Office 2003 installed or had Microsoft Office 2003 installed at some point in time. This can be an issue because some of the non-security fixes that are included in Security Update for Office XP (KB873352) will not be fixed after you install the update if the Ietag.dll file version number is not equal to 10.0.6731.0.

If the version number of the Ietag.dll file is not equal to 10.0.6731.0, use one of the following methods to resolve the issue.

Method 1: For customers who still have Office 2003 installed on the computer

Install the Update for Office 2003 (KB885828). This update will update the Ietag.dll file to version 11.0.6404.0 . Version 11.0.6404.0 lets the non-security fixes that are included in Security Update for Office XP (KB873352) to function as expected. For additional information about the Update for Office 2003 (KB885828), click the following article number to view the article in the Microsoft Knowledge Base:

885828 Description of the Update for Office 2003: February 8, 2005

Method 2: For customers who had Office 2003 installed at some point in time.

  1. Open the following folder in Windows Explorer:

    Drive_letter:\Program Files\Common Files\Microsoft Shared\Smart Tag

  2. Locate the Ietag.dll file.
  3. Rename the Ietag.dll to Ietag.old.
  4. After you have renamed the Ietag.dll file, use the Detect and Repair feature in Office XP.
For additional information about how to use the Detect and Repair feature, click the following article number to view the article in the Microsoft Knowledge Base:

298027 Description of the differences between repair and reinstall in Office XP and 2003

Note Using the Detect and Repair feature in Office XP may require access to your original installation CD-ROM for Office XP.

More information about the Ietag.dll file issue

Both Office XP and Office 2003 use the Ietag.dll file. If you install Office XP on a computer where Office 2003 has never been installed, you will receive an Ietag.dll file that has a file version number that is similar to 10.x.xxxx.x. If you install Office 2003 on a computer, you will receive an Ietag.dll file that has a version number that is similar to 11.x.xxxx.x, whether Office XP is on that computer or not. If you remove Office 2003 from your computer, the Ietag.dll file will not be deleted or downgraded to an earlier version. When you install the Security Update for Office XP (KB873352) on a computer that has Office 2003 installed, or that had Office 2003 installed previously, the security update will not overwrite the Ietag.dll file because the Ietag.dll file will be an Office 2003 version.
Modification Type:MinorLast Reviewed:8/26/2006
Keywords:kbSecurity KbSECBulletin KbSECVulnerability kbBug atDownload kbfix kbUpdate KB873352 kbAudEndUser kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.