INTRODUCTION
Microsoft
has released an update to Microsoft Office 2003. A vulnerability could allow
arbitrary code to run when the system uses the converter to open a maliciously
crafted document. The update resolves this vulnerability so that the files that
the converter opens are handled appropriately.
Note This update is included in the Microsoft Office 2003 Service Pack 1
(SP1). If Office 2003 SP1 is installed on your computer, you do not have to
install a security update for Microsoft Office 2003: WordPerfect 5.x Converter
(KB873378).
For additional information, click the
following article number to view the article in the Microsoft Knowledge Base:
870924
How to obtain the latest service pack for Office 2003
MORE INFORMATION
Security update details
List of issues that this security update fixes
The security update for Microsoft Office 2003: WordPerfect 5.x
Converter (KB873378) fixes the following issue that was not previously
documented in the Microsoft Knowledge Base.
WordPerfect 5.x Convertor vulnerability
A vulnerability exists in the WordPerfect 5.x Converter that
may enable arbitrary code to run when an Office 2003 program uses this
converter to open a maliciously crafted document.
back to the topInstallation details
How to obtain and install the security update
You can obtain the
client and administrative security updates and the installation instructions
and deployment strategies in the Microsoft Download Center. To
download this security update from the Microsoft Download Center, visit the
following Web site:
back to the topHow to determine whether the security update is installed
The security update contains files with the versions that are
listed in the following table:
File name Version
----------------------------------
Msconv97.dll 2003.1100.6252.0
Wpft532.cnv 2003.1100.6252.0
You do not have to install this security update if you have a
later version of the files that are listed in the table.
For additional information about how to determine the version
of WordPerfect 5.x convertor that is installed on your computer, click the
following article number to view the article in the Microsoft Knowledge Base:
821549
How to check the version of Office
2003
Information for administrators about .msp files
The
administrative security update is made up of a full-file Microsoft Windows
Installer patch file (.msp file) that is packaged in a self-extracting
executable file. The
following .msp file is distributed in this security update:
back to the topFeatures for reinstalling specific components for administrators
If
you update your administrative installation point and recache and reinstall
Office 2003 on client computers, you can run a command line that includes the
REINSTALL=[list of features] property. This property specifies whether you want
to reinstall specific components of Office 2003 from the administrative image.
For security update for Microsoft Office 2003: WordPerfect 5.x Converter
(KB873378), the value for [
list of features] is as follows.
- TextConverters
- TCWP5Files
Optionally, you can substitute the parameter
REINSTALL=ALL to reinstall all Microsoft Office components on the client
computer.
For
detailed procedures about how to update an administrative image and how to update client
computers, see the "Updating clients from a patched administrative image"
section in the "Distributing Office 2003 Product service packs" topic. To view
the "Distributing Office 2003 Product service packs" topic, visit the following
Microsoft Web site:
The Office Admin Update Center for Office IT Professionals
contains the latest administrative updates and strategic deployment resources
for all versions of Office. For more information about the Office Admin Update
Center, visit the following Microsoft Web site:
back to the
top