CVE-2004-0846
CVSS 7.5
Published: 2004-11-03 00:00:00
Last modified: 2016-10-17 22:49:30

[Original] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.


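[CNNVD] Microsoft Excel Remote Arbitrary Command Execution Vulnerability (MS04-033) (CNNVD-200411-009)

        Microsoft Excel is a spreadsheet program.
        Microsoft Excel has an unspecified remote arbitrary code execution issue. A remote attacker can exploit this vulnerability to execute arbitrary commands on the system with the privileges of the logged-on user's process.
        No detailed vulnerability information is currently available.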
        

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:microsoft:excel:x
cpe:/a:microsoft:office:2001  Microsoft Office 2001
cpe:/a:microsoft:excel:2001  Microsoft Excel 2001
cpe:/a:microsoft:excel:2000  Microsoft Excel 2000
cpe:/a:microsoft:excel:2002  Microsoft Excel 2002
cpe:/a:microsoft:office:2000:sp3  Microsoft Office 2000 sp3
cpe:/a:microsoft:office:v.x

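- OVAL (technical details for detection)

oval:org.mitre.oval:def:4226  Excel 2002 File Handler Code Execution Vulnerability
oval:org.mitre.oval:def:2673  Excel 2000 File Handler Code Execution Vulnerability
*OVAL describes in detail how to detect this vulnerability. You can find more technical details on detecting it in the related OVAL definitions.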

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0846
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0846
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-009
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=109779810827096&w=2
(UNKNOWN)  BUGTRAQ  20041013 Buffer Overflow In Microsoft Excel
http://www.ciac.org/ciac/bulletins/p-009.shtml
(VENDOR_ADVISORY)  CIAC  P-009
http://www.kb.cert.org/vuls/id/274496
(VENDOR_ADVISORY)  CERT-VN  VU#274496
http://www.microsoft.com/technet/security/bulletin/ms04-033.asp
(PATCH)  MS  MS04-033
http://xforce.iss.net/xforce/xfdb/17653
(VENDOR_ADVISORY)  XF  excel-execute-code(17653)
http://xforce.iss.net/xforce/xfdb/17683
(UNKNOWN)  XF  excel-ms04033-patch(17683)

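- Vulnerability information

Microsoft Excel Remote Arbitrary Command Execution Vulnerability (MS04-033)
High risk  Boundary condition error
2004-11-03 00:00:00 2005-10-20 00:00:00
Remote

        Microsoft Excel is a spreadsheet program.
        Microsoft Excel has an unspecified remote arbitrary code execution issue. A remote attacker can exploit this vulnerability to execute arbitrary commands on the system with the privileges of the logged-on user's process.
        No detailed vulnerability information is currently available.
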

- Advisories and patches

        Vendor patch:
        Microsoft
        ---------
        Microsoft has released a security bulletin (MS04-033) and corresponding patches for this issue:
        MS04-033: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836)
        Link:
        http://www.microsoft.com/technet/security/bulletin/MS04-033.mspx

        Patch downloads:
        Microsoft Office 2000 Software Service Pack 3 -
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=B0C40C24-4DDE-45AF-8433-6DBDDD030C30

        Microsoft Office 2000 Service Pack 3 Software
        Excel 2000
        
        Microsoft Office XP Software Service Pack 2 -
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=5E0FADD3-1554-4C43-9B4A-D5E031478892

        Microsoft Office XP Software
        Excel 2002
        
        Microsoft Office 2001 for Mac -
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=9889BEAE-4771-415D-8070-3E51F4CC7AE3

        Microsoft Office 2001 for Mac
        Excel 2001 for Mac
        
        
        Microsoft Office v. X for Mac -
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=148E9283-4DF8-4A75-9671-CC72E6306B84

        Microsoft Office v. X for Mac
        Excel v. X for Mac

- Vulnerability information (F34713)

excelBOF.txt (PacketStormID:F34713)
2004-10-24 00:00:00
Brett Moore SA  security-assessment.com
advisory,overflow,vulnerability
CVE-2004-0846

When thinking about buffer overflow vulnerabilities, a file can sometimes be as harmful as a packet. Even though past security issues have taught us that it is unwise to use an unvalidated value from a file/packet as a text length parameter, that is what happened with Microsoft Excel.

========================================================================
= Excel - Buffer Overflow In Microsoft Excel
=
= MS Bulletin posted: 
= http://www.microsoft.com/technet/security/bulletin/MS04-033.mspx
=
= Affected Software:
=       Microsoft Office 2000 Service Pack 3 Software:
=       - Excel 2000
=       Microsoft Office XP Software:
=       - Excel 2002
=       Microsoft Office 2001 for Mac:
=       - Excel 2001 for Mac
=       Microsoft Office v. X for Mac:
=       - Excel v. X for Mac
=
= Public disclosure on October 14, 2004
========================================================================

== Overview ==

When thinking about buffer overflow vulnerabilities, a file can sometimes
be as harmful as a packet. Even though past security issues have taught
us that it is unwise to use an unvalidated value from a file/packet as 
a text length parameter, that is what happened here.

When testing the SA-FileFoxyFuxoryFinder program, we quickly identified
the existence of a SBDA in Microsoft Excel. SBDA (Same Bug, Different App)

Microsoft Excel will read a value from an excel file and use this as the
'length' parameter when copying a string. By setting this to a large
value, it is possible to cause a stack overflow leading to the control
of EIP and other important registers.

Attempted exploitation will result in an event log entry similar to;
  Application popup: 
  EXCEL.EXE - Application Error : The exception Privileged instruction.
  (0xc0000096) occurred in the application at location 0x########.

== Exploitation ==

Remote exploitation through Internet Explorer can be obtained through the
use of an iframe or other similar object to open a file from a public
UNC share or through a 'coupled' browser exploit that saves the file to
a known location before opening it. Internet Explorer will automatically
open the corrupt excel spreadsheet, leading to exploitation.

There may of course also be other ways of having a corrupt file loaded
without requiring a user to download and open it, although an excel
spreadsheet may be easily accepted by a user anyway.

== Solutions ==

- Install the vendor supplied patch.

== Credit ==

Discovered and advised to Microsoft July 23, 2004 by Brett Moore of
Security-Assessment.com

%-) Da Pimp, M Burnett, Shammah, the local boys

== About Security-Assessment.com ==

Security-Assessment.com is a leader in intrusion testing and security
code review, and leads the world with SA-ISO, online ISO17799 compliance
management solution. Security-Assessment.com is committed to security
research and development, and its team have previously identified a
number of vulnerabilities in public and private software vendors products.

######################################################################
CONFIDENTIALITY NOTICE: 

This message and any attachment(s) are confidential and proprietary. 
They may also be privileged or otherwise protected from disclosure. If 
you are not the intended recipient, advise the sender and delete this 
message and any attachment from your system. If you are not the 
intended recipient, you are not authorised to use or copy this message 
or attachment or disclose the contents to any other person. Views 
expressed are not necessarily endorsed by Security-Assessment.com 
Limited. Please note that this communication does not designate an 
information system for the purposes of the New Zealand Electronic 
Transactions Act 2003.
######################################################################
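
The bug class described in the advisory above (a length value read from a file and used as the size of a string copy), as an added example that is not code from the advisory, from Microsoft or from Excel. The record layout (a 2-byte little-endian length followed by the text), the buffer size and all function names are hypothetical, chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LABEL_MAX 32  /* destination capacity, including the terminating NUL */

enum parse_status {
    PARSE_OK        =  0,
    PARSE_TRUNCATED = -1,  /* length field claims more bytes than the record holds */
    PARSE_TOO_LONG  = -2,  /* text would not fit in the destination buffer */
    PARSE_BAD_ARG   = -3
};

/* Hypothetical record layout: [len_lo][len_hi][len bytes of text]. */

/* Flawed pattern: the length read from the file is used as the copy size with
 * no comparison against the record size or the destination capacity.
 * Kept for contrast only; nothing in this example calls it. */
int read_label_unchecked(const uint8_t *rec, char *out)
{
    size_t n = (size_t)rec[0] | ((size_t)rec[1] << 8);
    memcpy(out, rec + 2, n);  /* n can be 65535: overruns 'out', over-reads 'rec' */
    out[n] = '\0';
    return PARSE_OK;
}

/* Validated form: the file-supplied length is checked against both the bytes
 * actually present in the record and the space in the destination. */
int read_label_checked(const uint8_t *rec, size_t rec_len,
                       char *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || out_cap == 0)
        return PARSE_BAD_ARG;
    if (rec_len < 2)
        return PARSE_TRUNCATED;           /* no room for the length field itself */

    size_t n = (size_t)rec[0] | ((size_t)rec[1] << 8);
    if (n > rec_len - 2)
        return PARSE_TRUNCATED;           /* would read past the end of the record */
    if (n >= out_cap)
        return PARSE_TOO_LONG;            /* would write past the end of 'out' */

    memcpy(out, rec + 2, n);
    out[n] = '\0';
    return PARSE_OK;
}

/* Constructed sample records (not taken from any real file). */
static const uint8_t REC_VALID[]    = { 0x05, 0x00, 'T', 'o', 't', 'a', 'l' };
static const uint8_t REC_HUGE_LEN[] = { 0xFF, 0xFF, 'A', 'B', 'C' }; /* claims 65535 */
static const uint8_t REC_NO_LEN[]   = { 0x05 };                      /* cut short   */

/* Parse a record into a LABEL_MAX-byte buffer and return the status. */
int check_record(const uint8_t *rec, size_t rec_len)
{
    char label[LABEL_MAX];
    return read_label_checked(rec, rec_len, label, sizeof label);
}

/* Build a self-consistent record carrying n bytes of text (n <= 64) and parse
 * it, to exercise the destination-capacity check on its own. */
int check_text_of_length(size_t n)
{
    uint8_t rec[2 + 64];
    if (n > 64)
        return PARSE_BAD_ARG;
    rec[0] = (uint8_t)(n & 0xFF);
    rec[1] = (uint8_t)(n >> 8);
    memset(rec + 2, 'x', n);
    return check_record(rec, 2 + n);
}

/* Returns 1 when the well-formed sample decodes to the expected text. */
int valid_record_decodes(void)
{
    char label[LABEL_MAX];
    if (read_label_checked(REC_VALID, sizeof REC_VALID,
                           label, sizeof label) != PARSE_OK)
        return 0;
    return strcmp(label, "Total") == 0;
}

int main(void)
{
    printf("valid record decodes: %d\n", valid_record_decodes());
    printf("huge length field:    %d\n",
           check_record(REC_HUGE_LEN, sizeof REC_HUGE_LEN));
    printf("missing length field: %d\n",
           check_record(REC_NO_LEN, sizeof REC_NO_LEN));
    printf("31-byte text:         %d\n", check_text_of_length(31));
    printf("32-byte text:         %d\n", check_text_of_length(32));
    return 0;
}
```

Both checks are needed: the first stops reads past the end of the input, the second stops writes past the end of the destination.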
    

- Vulnerability information (F34649)

ms04-033.txt (PacketStormID:F34649)
2004-10-13 00:00:00
 
advisory,remote,code execution
CVE-2004-0846

A Microsoft update has been released. This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Excel. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.

Microsoft Security Bulletin MS04-033


    Vulnerability in Microsoft Excel Could Allow Remote Code Execution
    (886836)

*Issued:* October 12, 2004
*Version:* 1.0


      Vulnerability in Microsoft Excel Could Allow Remote Code Execution

*Who should read this document:* Customers who use Microsoft Excel 2000,
Microsoft Excel 2002, Microsoft Excel 2001 for Mac, or Microsoft Excel
v. X for Mac

*Impact of Vulnerability:*  Remote Code Execution

*Maximum Severity Rating:* Critical

*Recommendation:* Customers should apply the update immediately.

*Security Update Replacement:* MS03-050

*Caveats:* None

*Tested Software and Security Update Download Locations:*

*Affected Software:*

- Microsoft Office 2000 Software Service Pack 3 - Download the update
  (KB873372)
  <http://www.microsoft.com/downloads/details.aspx?FamilyId=B0C40C24-4DDE-45AF-8433-6DBDDD030C30>

  Microsoft Office 2000 Service Pack 3 Software:

  - Excel 2000

- Microsoft Office XP Software Service Pack 2 - Download the update
  (KB873366)
  <http://www.microsoft.com/downloads/details.aspx?FamilyId=5E0FADD3-1554-4C43-9B4A-D5E031478892>

  Microsoft Office XP Software:

  - Excel 2002

- Microsoft Office 2001 for Mac - Download the update
  <http://www.microsoft.com/downloads/details.aspx?FamilyId=9889BEAE-4771-415D-8070-3E51F4CC7AE3>

  Microsoft Office 2001 for Mac:

  - Excel 2001 for Mac

- Microsoft Office v. X for Mac - Download the update
  <http://www.microsoft.com/downloads/details.aspx?FamilyId=148E9283-4DF8-4A75-9671-CC72E6306B84>

  Microsoft Office v. X for Mac:

  - Excel v. X for Mac

*Non-Affected Software:*

- Microsoft Office XP Service Pack 3
- Microsoft Office Excel 2003
- Microsoft Office 2003 Service Pack 1
- Microsoft Excel 2004 for Mac

The software in this list has been tested to determine if the versions
are affected. Other versions either no longer include security update
support or may not be affected. To determine the support lifecycle for
your product and version, visit the following Microsoft Support
Lifecycle Web site <http://go.microsoft.com/fwlink/?LinkId=21742>.


    General Information


      Executive Summary

*Executive Summary:*

This update resolves a newly-discovered, privately reported
vulnerability. A remote code execution vulnerability exists in Microsoft
Excel. The vulnerability is documented in the Vulnerability Details
section of this bulletin.

If a user is logged on with administrative privileges, an attacker who
successfully exploited this vulnerability could take complete control of
an affected system, including installing programs; viewing, changing, or
deleting data; or creating new accounts with full privileges. Users
whose accounts are configured to have fewer privileges on the system
would be at less risk than users who operate with administrative privileges.

*Severity Ratings and Vulnerability Identifiers:*

Vulnerability Identifiers: Vulnerability in Microsoft Excel Vulnerability - CAN-2004-0846
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-9998>
Impact of Vulnerability: Remote Code Execution
Office 2000 SP3 and Excel 2000: Critical
Office XP SP2 and Excel 2002: Critical
Office 2001 for Mac and Excel 2001 for Mac: Important
Office v. X for Mac and Excel v. X for Mac: Important

This assessment <http://go.microsoft.com/fwlink/?LinkId=21140> is based
on the types of systems that are affected by the vulnerability, their
typical deployment patterns, and the effect that exploiting the
vulnerability would have on them.


      Frequently asked questions (FAQ) related to this security update

*What updates does this release replace?*
This security update replaces several prior security bulletins. The
security bulletin IDs and operating systems that are affected are listed
in the following table.

Bulletin ID: *MS03-050*
Office 2000 SP3 and Excel 2000: Replaced
Office XP SP2 and Excel 2002: Replaced
Office 2001 for Mac and Excel 2001 for Mac: Not Applicable
Office v. X for Mac and Excel v. X for Mac: Not Applicable

*Can I use the Microsoft Baseline Security Analyzer (MBSA) to determine
if this update is required?*
MBSA does report on software supported by
the Office Inventory Tool for local computer scans. For detailed
information about how MBSA detects Office updates, visit the following
Web site <http://go.microsoft.com/fwlink/?LinkId=21141>. MBSA cannot use
the Office Detection Tool to scan remote systems; it will only use this
tool to scan a system locally for required security updates. For more
information about MBSA, visit the MBSA Web site
<http://www.microsoft.com/technet/security/tools/mbsahome.mspx>.

*Can I use Systems Management Server (SMS) to determine if this update
is required?*
Yes. SMS can help detect and deploy this security update. For
information about SMS, visit the SMS Web site.


      Vulnerability Details


        Excel Vulnerability - CAN-2004-0846:

A remote code execution vulnerability exists in Excel. If a user is
logged on with administrative privileges, an attacker who successfully
exploited this vulnerability could take complete control of the affected
system.


          Mitigating Factors for Excel Vulnerability - CAN-2004-0846

- In a Web-based attack scenario, an attacker would have to host a Web
  site that contains a Web page that is used to exploit this
  vulnerability. An attacker would have no way to force users to visit a
  malicious Web site. Instead, an attacker would have to persuade them to
  visit the Web site, typically by getting them to click a link that takes
  them to the attacker's site. At this point a user could be exploited.

- An attacker who successfully exploited this vulnerability could gain the
  same privileges as the user. Users whose accounts are configured to have
  fewer privileges on the system would be at less risk than users who
  operate with administrative privileges.

- The vulnerability cannot be exploited automatically through e-mail. For
  an attack to be successful through e-mail, a user must open an
  attachment that is sent in an e-mail message.

- Excel 2001 for Mac users and Excel v. X for Mac users are prompted to
  download an Excel file before they open it. Therefore, a user may not be
  exploited by an attacker upon an initial visit to a web site.

- Office XP Service Pack 3 is not affected by this vulnerability.

- Office 2003 and Office 2003 Service Pack 1 are not affected by this
  vulnerability.

- Excel 2004 for Mac is not affected by this vulnerability.


          Workarounds for Excel Vulnerability - CAN-2004-0846

None.


          FAQ for Excel Vulnerability - CAN-2004-0846:

*What is the scope of the vulnerability?*
This is a remote code execution vulnerability. If a user is logged on
with administrative privileges, an attacker who successfully exploited
this vulnerability could take complete control of an affected system,
including installing programs; viewing, changing, or deleting data; or
creating new accounts with full privileges. Users whose accounts are
configured to have fewer privileges on the system would be at less risk
than users who operate with administrative privileges.

*How could an attacker exploit the vulnerability?*
An attacker could host a malicious Excel file on a web site and persuade
a user to click a link to the file. The file could then be executed
allowing the attacker to execute code of their choice. An attacker could
also attempt to exploit the vulnerability by sending a specially crafted
file in email.

*What systems are primarily at risk from the vulnerability?*
Workstations and terminal servers are primarily at risk. Servers are
only at risk if users who do not have sufficient administrative
credentials are given the ability to log on to servers and to run
programs. However, best practices strongly discourage allowing this.

*Are all versions of Office and Excel affected by this vulnerability?*
No. Office XP Service Pack 3, Office 2003 and Excel 2003, Office 2003
Service Pack 1, and Excel 2004 for Mac are not affected.

*When this security bulletin was issued, had this vulnerability been
publicly disclosed?*
No. Microsoft received information about this vulnerability through
responsible disclosure.

*What does the update do?*
The patch removes the vulnerability by making sure that Excel correctly
validates parameters when it opens an Excel file.


      Security Update Information

*Installation Platforms and Prerequisites:*

For information about the specific security update for your platform,
click the appropriate link:


        Office XP and Excel 2002


          Prerequisites and Additional Update Details

*Important* Before you install this update, make sure that the
following requirements have been met:

- Microsoft Windows Installer 2.0 must be installed. Microsoft Windows
  Server 2003, Windows XP and Microsoft Windows 2000 Service Pack 2 (SP2)
  include Windows Installer 2.0 or later. To install the latest version of
  the Windows Installer, visit one of the following Microsoft Web sites:

  Windows Installer 2.0 for Windows 95, Windows 98, Windows 98 SE, and
  Windows Millennium Edition <http://go.microsoft.com/fwlink/?LinkId=33337>

  Windows Installer 2.0 for Windows 2000 and Windows NT 4.0
  <http://go.microsoft.com/fwlink/?LinkId=33338>

For additional information about how to determine the version of Office
XP on your computer, see Microsoft Knowledge Base Article 291331
<http://support.microsoft.com/default.aspx?scid=kb;%5bLN%5d;291331>.

*Inclusion in Future Service Packs:*

The fix for this issue is in Office XP Service Pack 3.

*Restart Requirement*

No restart is required.

*Removal Information*

After you install the update, you cannot remove it. To revert to an
installation before the update was installed, you must remove the
software, and then install it again from the original CD-ROM.


          Automated Client Installation Information

*Office Update Web Site*

We recommend that you install the Office XP client updates by using the
Office Update Web site <http://go.microsoft.com/fwlink/?LinkId=21135>.
The Office Update Web site detects your particular installation and
prompts you to install exactly what you must have to make sure that your
installation is completely up to date.

To have the Office Update Web site detect the required updates that you
must install on your computer, visit the Office Update Web site
<http://go.microsoft.com/fwlink/?LinkId=21135>, and then click *Check
for Updates*. After detection is complete, the site displays a list of
recommended updates for your approval. Click *Start Installation* to
complete the process.


          Manual Client Installation Information

For detailed information about how to manually install this update
please review the following section.

*Installation Information*

The security update supports the following setup switches:

   /Q  Specifies quiet mode, or suppresses prompts, when files are
   being extracted.

   /Q:U  Specifies user-quiet mode, which presents some dialog boxes to
   the user.

   /Q:A  Specifies administrator-quiet mode, which does not present any
   dialog boxes to the user.

   /T:<full path>  Specifies the target folder for extracting files.

   /C  Extracts the files without installing them. If /T: path is not
   specified, you are prompted for a target folder.

   /C:<Cmd>  Override Install Command defined by author. Specifies
   the path and name of the setup .inf or .exe file.

   /R:N  Never restarts the computer after installation.

   /R:I  Prompts the user to restart the computer if a restart is
   required, except when used with /Q:A.

   /R:A  Always restarts the computer after installation.

   /R:S  Restarts the computer after installation without prompting the
   user.

   /N:V  No version checking - Install the program over any previous
   version.

*Note* These switches do not necessarily work with all updates. If a
switch is not available, that functionality is necessary for the correct
installation of the update. Also, the use of the /N:V switch is
unsupported and may result in an unbootable system. If the installation
is unsuccessful, you should consult your support professional to
understand why it failed to install.

For additional information about the supported setup switches, see
Microsoft Knowledge Base Article 197147
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;197147>.

*Client Deployment Information*

1. Download the client version of this security update.
   <http://www.microsoft.com/downloads/details.aspx?FamilyId=5E0FADD3-1554-4C43-9B4A-D5E031478892>

2. Click *Save this program to disk*, and then click *OK*.

3. Click *Save*.

4. Using Windows Explorer, locate the folder that contains the saved file,
   and then double-click the saved file.

5. If you are prompted to install the update, click *Yes*.

6. Click *Yes* to accept the License Agreement.

7. Insert your original source CD-ROM if you are prompted to do so, and
   then click *OK*.

8. When you receive a message that indicates the installation was
   successful, click *OK*.

*Note* If the security update is already installed on your computer,
you receive the following error message: *This update has already been
applied or is included in an update that has already been applied*.

*Client Installation File Information*

The English version of this update has the file attributes (or later)
that are listed in the following table. The dates and times for these
files are listed in coordinated universal time (UTC). When you view the
file information, it is converted to local time. To find the difference
between UTC and local time, use the *Time Zone* tab in the Date and Time
tool in Control Panel.

Office XP SP2 and Excel 2002:

Date         Time   Version          Size        File name
----------------------------------------------------------
05-May-2004  04:47  10.00.6713.0000 9,190,080     Excel.exe

*Verifying Update Installation*

- *Microsoft Baseline Security Analyzer*

  To verify that a security update is installed on an affected system, you
  may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool.
  This tool allows administrators to scan local and remote systems for
  missing security updates and for common security misconfigurations. For
  more information about MBSA, visit the Microsoft Baseline Security
  Analyzer Web site <http://go.microsoft.com/fwlink/?LinkId=21134>.

- *File Version Verification*

  *Note* Because there are several versions of Microsoft Windows, the
  following steps may be different on your computer. If they are, see your
  product documentation to complete these steps.

  1. Click *Start*, and then click *Search*.

  2. In the *Search Results pane*, click *All files and folders* under
     *Search Companion*.

  3. In the *All or part of the file name box*, type a file name from the
     appropriate file information table, and then click *Search*.

  4. In the list of files, right-click a file name from the appropriate file
     information table, and then click *Properties*.

     *Note* Depending on the version of the operating system or programs
     installed, some of the files that are listed in the file information
     table may not be installed.

  5. On the *Version* tab, determine the version of the file that is
     installed on your computer by comparing it to the version that is
     documented in the appropriate file information table.

     *Note* Attributes other than file version may change during
     installation. Comparing other file attributes to the information in the
     file information table is not a supported method of verifying the update
     installation. Also, in certain cases, files may be renamed during
     installation. If the file or version information is not present, use one
     of the other available methods to verify update installation.


          Administrative Installation Information

If you installed your application from a server location, the server
administrator must update the server location with the administrative
update and deploy that update to your computer.

*Installation Information*

The following setup switches are relevant to administrative
installations as they allow an administrator to customize the manner in
which the files are extracted from within the security update:

   /?  Displays the command line options

   /Q  Specifies quiet mode, or suppresses prompts, when files are
   being extracted.

   /T:<full path>  Specifies the target folder for extracting files.

   /C  Extracts the files without installing them. If /T: path is not
   specified, you are prompted for a target folder.

   /C:<Cmd>  Override Install Command defined by author. Specifies
   the path and name of the Setup .inf or .exe file.

For additional information about the supported setup switches, see
Microsoft Knowledge Base Article 197147
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;197147>.

*Administrative Deployment Information*

To update your administrative installation, please perform the following
procedure:

- Download the administrative version of this security update.
  <http://www.microsoft.com/downloads/details.aspx?FamilyId=5E0FADD3-1554-4C43-9B4A-D5E031478892>

- Click *Save this program to disk*, and then click *OK*.

- Click *Save*.

- Using Windows Explorer, locate the folder that contains the saved file
  and run the following command line to extract the .msp file:

  [path\name of EXE file] /c /t:C:\AdminUpdate

  *Note* Double-clicking the .exe file does not extract the .msp file; it
  applies the update to the local computer. In order to update an
  administrative image, you must first extract the .msp file.

- Click *Yes* to accept the License Agreement.

- Click *Yes* if you are prompted to create the folder.

- If you are familiar with the procedure for updating your administrative
  installation, click *Start*, and then click *Run*. Type the following
  command in the *Open* box:

  msiexec /a Admin Path\MSI File /p C:\adminUpdate\MSP File SHORTFILENAMES=TRUE

  Where Admin Path is the path of your administrative installation point
  for your application (for example, C:\OfficeXP), MSI File is the .msi
  database package for the application (for example, Data1.msi), and MSP
  File is the name of the administrative update (for example, SHAREDff.msp).

  *Note* You can append /qb+ to the command line so that the
  *Administrative Installation* dialog box and the *End User License
  Agreement* dialog box do not appear.

- Click *Next* in the provided dialog box. Do not change your CD Key,
  installation location, or company name in the provided dialog box.

- Click *I accept the terms in the License Agreement*, and then click
  *Install*.

At this point, your administrative installation point is updated. Next,
you must update the workstations that were originally installed from
this administrative installation. To do this, please review the
Workstation Deployment section. Any new installations that you run from
this administrative installation point will include the update.

*Warning* Any workstation that was originally installed from this
administrative installation before you installed the update cannot use
this administrative installation for actions like repairing Office or
adding new features until you complete the steps in the Workstation
Deployment section for this workstation.

*Workstation Deployment Information*

To deploy the update to the client workstations, click *Start*, and then
click *Run*. Type the following command in the *Open* box:

msiexec /i Admin Path\MSI File /qb REINSTALL=Feature List REINSTALLMODE=vomu

Where Admin Path is the path of your administrative installation point
for your application (for example, C:\OfficeXP), MSI File is the .msi
database package for the application (for example, Data1.msi), and
Feature List is the list of feature names (case sensitive) that must be
reinstalled for the update. To install all features, you can use
*REINSTALL=ALL*.

*Note* Administrators working in managed environments can find complete
resources for deploying Office updates in an organization on the Office
Admin Update Center
<http://www.microsoft.com/office/ork/updates/default.htm>. On the home
page of that site, look in the *Update Strategies* section for the
software version you are updating. The Windows Installer Documentation
<http://go.microsoft.com/fwlink/?LinkId=21685> also provides additional
information about the parameters supported by the Windows Installer.

*Administrative Installation File Information*

The English version of this update has the file attributes (or later)
that are listed in the following table. The dates and times for these
files are listed in coordinated universal time (UTC). When you view the
file information, it is converted to local time. To find the difference
between UTC and local time, use the *Time Zone* tab in the Date and Time
tool in Control Panel.

Office XP Service Pack 2 and Excel 2002:

Date         Time   Version          Size        File name
----------------------------------------------------------
05-May-2004  04:47  10.00.6713.0000 9,190,080     Excel.exe

*Verifying Update Installation *

?

*Microsoft Baseline Security Analyzer*

To verify that a security update is installed on an affected system, you
may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool.
This tool allows administrators to scan local and remote systems for
missing security updates and for common security misconfigurations. For
more information about MBSA, visit the Microsoft Baseline Security
Analyzer Web site <http://go.microsoft.com/fwlink/?LinkId=21134>.

*File Version Verification*

*Note* Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see your
product documentation to complete these steps.

1.

Click *Start*, and then click *Search*.

2.

In the *Search Results pane*, click *All files and folders* under
*Search Companion*.

3.

In the *All or part of the file name box*, type a file name from the
appropriate file information table, and then click *Search*.

4.

In the list of files, right-click a file name from the appropriate file
information table, and then click *Properties*.

*Note* Depending on the version of the operating system or programs
installed, some of the files that are listed in the file information
table may not be installed.

5.

On the *Version* tab, determine the version of the file that is
installed on your computer by comparing it to the version that is
documented in the appropriate file information table.

*Note* Attributes other than file version may change during
installation. Comparing other file attributes to the information in the
file information table is not a supported method of verifying the update
installation. Also, in certain cases, files may be renamed during
installation. If the file or version information is not present, use one
of the other available methods to verify update installation.

        Office 2000 and Excel 2000

          Prerequisites and Additional Update Details

*Important* Before you install this update, make sure that the
following requirements have been met:

Microsoft Windows Installer 2.0 must be installed. Microsoft Windows
Server 2003, Windows XP and Microsoft Windows 2000 Service Pack 3 (SP3)
include Windows Installer 2.0 or later. To install the latest version of
the Windows Installer, visit one of the following Microsoft Web sites:

Windows Installer 2.0 for Windows 95, Windows 98, Windows 98 SE, and
Windows Millennium Edition <http://go.microsoft.com/fwlink/?LinkId=33337>

Windows Installer 2.0 for Windows 2000 and Windows NT 4.0
<http://go.microsoft.com/fwlink/?LinkId=33338>

Office 2000 Service Pack 3 (SP3) or Microsoft Excel 2000 must be
installed. Before you install this update, install Office 2000 SP3. For
additional information about how to install Office 2000 SP3, see
Microsoft Knowledge Base Article 326585
<http://support.microsoft.com/default.aspx?scid=kb;en-us;326585>. The
administrative update can also be installed on systems that are running
Office 2000 SP2 or Office 2000 SP3.

For additional information about how to determine the version of Office
2000 on your computer, see Microsoft Knowledge Base Article 255275.

*Restart Requirement*

No restart is required.

*Removal Information*

After you install the update, you cannot remove it. To revert to an
installation before the update was installed, you must remove the
software, and then install it again from the original CD-ROM.

          Automated Client Installation Information

*Office Update Web Site*

Microsoft recommends that you install the Office 2000 client updates by
using the Office Update Web site
<http://go.microsoft.com/fwlink/?LinkId=21135>. The Office Update Web
site detects your particular installation and prompts you to install
exactly what you must have to make sure that your installation is
completely up-to-date.

To have the Office Update Web site detect the required updates that you
must install on your computer, visit the Office Update Web site
<http://go.microsoft.com/fwlink/?LinkId=21135>, and then click *Check
for Updates*. After detection is complete, the site displays a list of
recommended updates for your approval. Click *Start Installation* to
complete the process.

          Manual Client Installation Information

For detailed information about how to manually install this update,
please review the following section.

*Installation Information*

The security update supports the following setup switches:

   /*Q* Specifies quiet mode, or suppresses prompts, when files are
being extracted.

   /*Q:U* Specifies user-quiet mode, which presents some dialog boxes to
the user.

   /*Q:A* Specifies administrator-quiet mode, which does not present any
dialog boxes to the user.

   /*T*: *<full path>* Specifies the target folder for extracting files.

   /*C* Extracts the files without installing them. If /*T*: path is not
specified, you are prompted for a target folder.

   /*C*: *<Cmd>* Override Install Command defined by author. Specifies
the path and name of the setup .inf or .exe file.

   /*R:N* Never restarts the computer after installation.

   /*R:I* Prompts the user to restart the computer if a restart is
required, except when used with */Q:A*.

   /*R:A* Always restarts the computer after installation.

   /*R:S* Restarts the computer after installation without prompting the
user.

   /*N:V* No version checking - Install the program over any previous
version.

*Note* These switches do not necessarily work with all updates. If a
switch is not available, that functionality is necessary for the correct
installation of the update. Also, the use of the /*N:V* switch is
unsupported and may result in an unbootable system. If the installation
is unsuccessful, you should consult your support professional to
understand why it failed to install.

For additional information about the supported setup switches, see
Microsoft Knowledge Base Article 197147
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;197147>.

*Client Deployment Information*

1.

Download the client version of this security update.
<http://download.microsoft.com/download/b/0/3/b03abaa0-dd54-4223-b43e-130d338678b1/office2000-kb873372-client-enu.exe>

2.

Click *Save this program to disk*, and then click *OK*.

3.

Click *Save*.

4.

Using Windows Explorer, locate the folder that contains the saved file,
and then double-click the saved file.

5.

If you are prompted to install the update, click *Yes*.

6.

Click *Yes* to accept the License Agreement.

7.

Insert your original source CD-ROM if you are prompted to do so, and
then click *OK*.

8.

When you receive a message that indicates the installation was
successful, click *OK*.

*Note* If the security update is already installed on your computer,
you receive the following error message: *This update has already been
applied or is included in an update that has already been applied*.

*Client Installation File Information*

The English version of this update has the file attributes (or later)
that are listed in the following table. The dates and times for these
files are listed in coordinated universal time (UTC). When you view the
file information, it is converted to local time. To find the difference
between UTC and local time, use the *Time Zone* tab in the Date and Time
tool in Control Panel.

Office 2000 and Excel 2000:

Date         Time   Version         Size       File name
--------------------------------------------------------
09-Aug-2004  19:09  9.00.00.8924 7168045     Excel.exe

*Verifying Update Installation*

*Microsoft Baseline Security Analyzer*

To verify that a security update is installed on an affected system, you
may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool.
This tool allows administrators to scan local and remote systems for
missing security updates and for common security misconfigurations. For
more information about MBSA, visit the Microsoft Baseline Security
Analyzer Web site <http://go.microsoft.com/fwlink/?LinkId=21134>.

*File Version Verification*

*Note* Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see your
product documentation to complete these steps.

1.

Click *Start*, and then click *Search*.

2.

In the *Search Results pane*, click *All files and folders* under
*Search Companion*.

3.

In the *All or part of the file name box*, type a file name from the
appropriate file information table, and then click *Search*.

4.

In the list of files, right-click a file name from the appropriate file
information table, and then click *Properties*.

*Note* Depending on the version of the operating system or programs
installed, some of the files that are listed in the file information
table may not be installed.

5.

On the *Version* tab, determine the version of the file that is
installed on your computer by comparing it to the version that is
documented in the appropriate file information table.

*Note* Attributes other than file version may change during
installation. Comparing other file attributes to the information in the
file information table is not a supported method of verifying the update
installation. Also, in certain cases, files may be renamed during
installation. If the file or version information is not present, use one
of the other available methods to verify update installation.

          Administrative Installation Information

If you installed your application from a server location, the server
administrator must update the server location with the administrative
update and deploy that update to your computer.

*Installation Information*

The following setup switches are relevant to administrative
installations as they allow an administrator to customize the manner in
which the files are extracted from within the security update:

   /*?* Displays the command line options

   /*Q* Specifies quiet mode, or suppresses prompts, when files are
being extracted.

   /*T*: *<full path>* Specifies the target folder for extracting files.

   /*C* Extracts the files without installing them. If /*T*: path is not
specified, you are prompted for a target folder.

   /*C*: *<Cmd>* Override Install Command defined by author. Specifies
the path and name of the Setup .inf or .exe file.

For additional information about the supported setup switches, see
Microsoft Knowledge Base Article 197147
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;197147>.

*Administrative Deployment Information*

To update your administrative installation please perform the following
procedure:

1.

Download the administrative version of this security update
<http://download.microsoft.com/download/b/0/3/b03abaa0-dd54-4223-b43e-130d338678b1/office2000-kb873372-fullfile-enu.exe>.

2.

Click *Save this program to disk*, and then click *OK*.

3.

Click *Save*.

4.

Using Windows Explorer, locate the folder that contains the saved file
and run the following command line to extract the .msp file:

[path\name of EXE file] /c /t:C:\AdminUpdate

*Note*  Double-clicking the .exe file does not extract the .msp file; it
applies the update to the local computer. In order to update an
administrative image, you must first extract the .msp file.

5.

Click *Yes* to accept the License Agreement.

6.

Click *Yes* if you are prompted to create the folder.

7.

If you are familiar with the procedure for updating your administrative
installation, click *Start*, and then click *Run*. Type the following
command in the *Open* box:

msiexec /a Admin Path\MSI File /p C:\adminUpdate\MSP File SHORTFILENAMES=TRUE

Where Admin Path is the path of your administrative installation point
for your application (for example, C:\Office2000), MSI File is the .msi
database package for the application (for example, Data1.msi), and MSP
File is the name of the administrative update (for example, SHAREDff.msp).

*Note* You can append /*qb+* to the command line so that the
*Administrative Installation* dialog box and the *End User License
Agreement* dialog box do not appear.

8.

Click *Next* in the provided dialog box. Do not change your CD Key,
installation location, or company name in the provided dialog box.

9.

Click *I accept the terms in the License Agreement*, and then click
*Install*.

At this point, your administrative installation point is updated. Next,
you must update the workstations that were originally installed from
this administrative installation. To do this, please review the
Workstation Deployment section. Any new installations that you run from
this administrative installation point will include the update.

*Warning* Any workstation that was originally installed from this
administrative installation before you installed the update cannot use
this administrative installation for actions like repairing Office or
adding new features until you complete the steps in the Workstation
Deployment section for this workstation.

*Workstation Deployment Information*

To deploy the update to the client workstations, click *Start*, and then
click *Run*. Type the following command in the *Open* box:

msiexec /i Admin Path\MSI File /qb REINSTALL=Feature List REINSTALLMODE=vomu

where Admin Path is the path of your administrative installation point
for your application (for example, C:\Office2000), MSI File is the .msi
database package for the application (for example, Data1.msi), and
Feature List is the list of feature names (case sensitive) that must be
reinstalled for the update. To install all features, you can use
*REINSTALL=ALL*.

*Note*  Administrators working in managed environments can find complete
resources for deploying Office updates in an organization on the Office
Admin Update Center
<http://www.microsoft.com/office/ork/updates/default.htm>. On the home
page of that site, look in the *Update Strategies* section for the
software version you are updating. The Windows Installer Documentation
<http://go.microsoft.com/fwlink/?LinkId=21685> also provides additional
information about the parameters supported by the Windows Installer.

*Administrative Installation File Information*

The English version of this update has the file attributes (or later)
that are listed in the following table. The dates and times for these
files are listed in coordinated universal time (UTC). When you view the
file information, it is converted to local time. To find the difference
between UTC and local time, use the *Time Zone* tab in the Date and Time
tool in Control Panel.

Office 2000 and Excel 2000:

Date         Time   Version          Size        File name
----------------------------------------------------------
09-Aug-2004  19:09  9.00.00.8924 7168045     Excel.exe

*Verifying Update Installation*

*Microsoft Baseline Security Analyzer*

To verify that a security update is installed on an affected system, you
may be able to use the Microsoft Baseline Security Analyzer (MBSA) tool.
This tool allows administrators to scan local and remote systems for
missing security updates and for common security misconfigurations. For
more information about MBSA, visit the Microsoft Baseline Security
Analyzer Web site <http://go.microsoft.com/fwlink/?LinkId=21134>.

*File Version Verification*

*Note*  Because there are several versions of Microsoft Windows, the
following steps may be different on your computer. If they are, see your
product documentation to complete these steps.

1.

Click *Start*, and then click *Search*.

2.

In the *Search Results pane*, click *All files and folders* under
*Search Companion*.

3.

In the *All or part of the file name box*, type a file name from the
appropriate file information table, and then click *Search*.

4.

In the list of files, right-click a file name from the appropriate file
information table, and then click *Properties*.

*Note* Depending on the version of the operating system or programs
installed, some of the files that are listed in the file information
table may not be installed.

5.

On the *Version* tab, determine the version of the file that is
installed on your computer by comparing it to the version that is
documented in the appropriate file information table.

*Note* Attributes other than file version may change during
installation. Comparing other file attributes to the information in the
file information table is not a supported method of verifying the update
installation. Also, in certain cases, files may be renamed during
installation. If the file or version information is not present, use one
of the other available methods to verify update installation.
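
The File Version Verification steps for the Windows releases can be scripted instead of clicked through. The following PowerShell (3.0 or later) is an added example, not part of the original bulletin: the function name Test-ExcelUpdate and the search roots are assumptions, and the baseline versions are the ones in the Office XP/Excel 2002 and Office 2000/Excel 2000 file information tables.

```powershell
# Added example (not from the bulletin). Baselines are the Version column of the
# file information tables, keyed by the major version of Excel.exe.
$Baselines = @{
    9  = [version]'9.00.00.8924'     # Office 2000 and Excel 2000
    10 = [version]'10.00.6713.0000'  # Office XP and Excel 2002
}

function Test-ExcelUpdate {
    # Hypothetical helper: classifies one Excel.exe against the bulletin baseline.
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [hashtable] $Baseline = $Baselines
    )

    $result = [pscustomobject]@{
        Path = $Path; Installed = $null; Required = $null; Status = $null
    }

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $result.Status = 'FileNotFound'
        return $result
    }

    $info = (Get-Item -LiteralPath $Path).VersionInfo
    if ([string]::IsNullOrEmpty($info.FileVersion)) {
        # No version resource: the bulletin says to use another method (for example MBSA).
        $result.Status = 'NoVersionInfo'
        return $result
    }

    # Compare the numeric parts, not the display string, so that
    # "10.00.6713.0000" and "10.0.6713.0" are treated as the same version.
    $parts = $info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart
    $result.Installed = New-Object System.Version -ArgumentList $parts

    $result.Required = $Baseline[$result.Installed.Major]
    if ($null -eq $result.Required) {
        $result.Status = 'NotInBulletinTables'   # a release these two tables do not cover
    } elseif ($result.Installed -ge $result.Required) {
        $result.Status = 'Updated'               # table versions are "or later"
    } else {
        $result.Status = 'UpdateMissing'
    }
    return $result
}

# Search roots are an assumption; add other drives or install paths as needed.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

if ($roots) {
    Get-ChildItem -Path $roots -Filter 'Excel.exe' -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { Test-ExcelUpdate -Path $_.FullName } |
        Format-Table -AutoSize
}
```

Only the file version is compared, because the bulletin states that other file attributes are not a supported way to verify the update.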

        Excel v. X for Mac

*Prerequisites*

This security update requires Excel v. X for Mac Versions 10.0 through
10.1.5 to be installed.

*Installation Information*

*Restart Requirement*

This update does not require you to restart your computer.

*Removal Information*

This update cannot be uninstalled.

*Verifying Update Installation*

To verify that a security update is installed on an affected system,
please perform the following steps:

1.

Navigate to the Application Binary (*Applications/Microsoft Office
X/Microsoft Excel*).

2.

Click on the application

3.

Select *File* then *Get Info*

If the Version number reads 10.1.6, the update has been successfully
installed.

        Excel 2001 for Mac

*Prerequisites*

This security update requires Excel 2001 for Mac Versions 9.0.0 through
9.0.4 to be installed.

*Installation Information*

*Restart Requirement*

This update does not require you to restart your computer.

*Removal Information*

This update cannot be uninstalled.

*Verifying Update Installation*

To verify that a security update is installed on an affected system,
please perform the following steps:

1.

Navigate to the Application Binary (:*Microsoft Office 2001:Microsoft
Excel*).

2.

Click on the application

3.

Select *File* then *Get Info*

If the Version number reads 9.0.5, the update has been successfully
installed.

*Acknowledgments*

Microsoft thanks <http://go.microsoft.com/fwlink/?LinkId=21127> the
following for working with us to help protect customers:

Brett Moore of Security-Assessment.com for reporting the Excel
Vulnerability (CAN-2004-0846).

*Obtaining Other Security Updates:*

Updates for other security issues are available from the following
locations:

Security updates are available from the Microsoft Download Center
<http://go.microsoft.com/fwlink/?LinkId=21129>: You can find them most
easily by doing a keyword search for "security_patch".

Updates for consumer platforms are available from the Windows Update Web
site <http://go.microsoft.com/fwlink/?LinkId=21130>.

*Support:*

Customers in the U.S. and Canada can receive technical support from
Microsoft Product Support Services
<http://go.microsoft.com/fwlink/?LinkId=21131> at 1-866-PCSAFETY. There
is no charge for support calls that are associated with security updates.

International customers can receive support from their local Microsoft
subsidiaries. There is no charge for support that is associated with
security updates. For more information about how to contact Microsoft
for support issues, visit the International Support Web site
<http://go.microsoft.com/fwlink/?LinkId=21155>.

*Security Resources:*

The Microsoft TechNet Security
<http://go.microsoft.com/fwlink/?LinkId=21132> Web site provides
additional information about security in Microsoft products.

Microsoft Software Update Services
<http://go.microsoft.com/fwlink/?LinkId=21133>

Microsoft Baseline Security Analyzer
<http://go.microsoft.com/fwlink/?LinkId=21134> (MBSA)

Windows Update <http://go.microsoft.com/fwlink/?LinkId=21130>

Windows Update Catalog: For more information about the Windows Update
Catalog, see Microsoft Knowledge Base Article 323166
<http://support.microsoft.com/default.aspx?scid=kb;EN-US;323166>.

Office Update <http://go.microsoft.com/fwlink/?LinkId=21135>

*Software Update Services:*

By using Microsoft Software Update Services (SUS), administrators can
quickly and reliably deploy the latest critical updates and security
updates to Windows 2000 and Windows Server 2003-based servers, and to
desktop systems that are running Windows 2000 Professional or Windows XP
Professional.

For more information about how to deploy this security update with
Software Update Services, visit the Software Update Services Web site
<http://go.microsoft.com/fwlink/?LinkId=21133>.

*Systems Management Server:*

Microsoft Systems Management Server (SMS) delivers a highly-configurable
enterprise solution for managing updates. By using SMS, administrators
can identify Windows-based systems that require security updates and
perform controlled deployment of these updates throughout the enterprise
with minimal disruption to end users. For more information about how
administrators can use SMS 2003 to deploy security updates, visit SMS
2003 Security Patch Management Web site
<http://go.microsoft.com/fwlink/?LinkId=22939>. SMS 2.0 users can also
use Software Updates Service Feature Pack
<http://go.microsoft.com/fwlink/?LinkId=33340> to help deploy security
updates. For information about SMS, visit the SMS Web site
<http://go.microsoft.com/fwlink/?LinkId=21158>.

*Note* SMS uses the Microsoft Baseline Security Analyzer and the
Microsoft Office Detection Tool to provide broad support for security
bulletin update detection and deployment. Some software updates may not
be detected by these tools. Administrators can use the inventory
capabilities of the SMS in these cases to target updates to specific
systems. For more information about this procedure, visit the following
Web site <http://go.microsoft.com/fwlink/?LinkId=33341>. Some security
updates require administrative rights following a restart of the system.
Administrators can use the Elevated Rights Deployment Tool (available in
the *SMS 2003 Administration Feature Pack*
<http://go.microsoft.com/fwlink/?LinkId=33387> and in the *SMS 2.0
Administration Feature Pack*
<http://go.microsoft.com/fwlink/?LinkId=21161>) to install these updates.

*Disclaimer:*

The information provided in the Microsoft Knowledge Base is provided "as
is" without warranty of any kind. Microsoft disclaims all warranties,
either express or implied, including the warranties of merchantability
and fitness for a particular purpose. In no event shall Microsoft
Corporation or its suppliers be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business
profits or special damages, even if Microsoft Corporation or its
suppliers have been advised of the possibility of such damages. Some
states do not allow the exclusion or limitation of liability for
consequential or incidental damages so the foregoing limitation may not
apply.

*Revisions:*

V1.0 (October 12, 2004): Bulletin published


- Vulnerability Information

10694
Microsoft Excel XLS File Local Overflow (MS04-033)
Local Access Required Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability Description

Excel is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a stack overflow. With a specially crafted XLS file, a context-dependent attacker can potentially cause arbitrary code execution.

- Timeline

2004-10-12 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- References

- Vulnerability Author

- Vulnerability Information

Microsoft Excel File Handler Buffer Overflow Vulnerability
Boundary Condition Error 11373
Yes No
2004-10-12 12:00:00 2009-07-12 07:06:00
Discovery of this vulnerability is credited to Brett Moore <brett.moore@security-assessment.com>.

- Affected Program Versions

Microsoft Excel v.X
+ Microsoft Office v. X
Microsoft Excel 2002 SP2
+ Microsoft Office XP SP2
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Excel 2002 SP1
+ Microsoft Office XP SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Microsoft Excel 2002
+ Microsoft Office XP
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95 SR2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Excel 2001 for Mac
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0
+ Microsoft Office 2001 For Macintosh SR1
+ Microsoft Office 2001 For Macintosh
Microsoft Excel 2000 SR1
+ Microsoft Office 2000 SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
Microsoft Excel 2000 SP3
+ Microsoft Office 2000 SP3
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Microsoft Excel 2000 SP2
+ Microsoft Office 2000 SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
Microsoft Excel 2000
+ Microsoft Office 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Avaya S8100 Media Servers 0
+ Microsoft Windows 2000 Server
+ Microsoft Windows NT Server 4.0 SP6a
Avaya S3400 Message Application Server 0
+ Microsoft Windows 2000 Server
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya IP600 Media Servers
Avaya DefinityOne Media Servers
Microsoft Excel 2003 SP1
+ Microsoft Office 2003 SP1
Microsoft Excel 2003
+ Microsoft Office 2003 0
Microsoft Excel 2002 SP3
+ Microsoft Office XP SP3

- Unaffected program versions

Microsoft Excel 2003 SP1
+ Microsoft Office 2003 SP1
Microsoft Excel 2003
+ Microsoft Office 2003 0
Microsoft Excel 2002 SP3
+ Microsoft Office XP SP3

- Vulnerability discussion

Microsoft Excel is reported prone to a buffer overflow vulnerability. The issue presents itself when the vulnerable software handles a malicious Excel file.

Ultimately a remote attacker may exploit this vulnerability to execute arbitrary code. Code execution will occur in the context of a user that is using a vulnerable version of Excel to view a malicious Excel spreadsheet.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Microsoft has released a security bulletin and fixes to address this vulnerability.


Microsoft Excel 2001 for Mac

Microsoft Excel v.X

Microsoft Excel 2000 SP3

Microsoft Excel 2002 SP2
