
Microsoft Security Bulletin MS07-013

Click Start, and then click Search. However, users will still be offered this update because the updated files for Microsoft Office 2003 Service Pack 3 are newer (with higher version numbers) than the files that were delivered

Administrative Deployment Information

To update your administrative installation, follow these steps: Download this security update for Word 2000. Microsoft received information about this vulnerability through responsible disclosure.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Special Options

/overwriteoem - Overwrites OEM files without prompting.
/nobackup - Does not back up files needed for uninstallation.
/forceappsclose - Forces other programs to close when the computer shuts down.
/log:path - Allows the

Click Yes to accept the License Agreement. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements.

https://technet.microsoft.com/en-us/library/security/ms07-013.aspx

I am still using one of these operating systems; what should I do? When Word opens a specially crafted Word file and parses a malformed function, it may corrupt system memory in such a way that an attacker could execute arbitrary code. This security update addresses the vulnerabilities by modifying the way that Microsoft Visio handles specially crafted Visio files.

You can find additional information in the subsection, Deployment Information, in this section.

Verifying That the Update Has Been Applied

Microsoft Baseline Security Analyzer

To verify that a security update has been applied to an affected system, you may be able to use the

Office 2000:

File Name | Version | Date | Time | Size
Riched20.dll | 5.30.23.1227 | 16-Nov-2006 | 17:05 | 433,152

Office 2000 Multilanguage Packs:

File Name | Version | Date | Time | Size
Riched20.dll | 5.30.23.1227 | 16-Nov-2006 | 17:05 | 433,152

Project 2000 Service Pack 1:

File Name | Version | Date | Time | Size
Riched20.dll | 5.30.23.1227 | 16-Nov-2006 | 17:05 | 433,152

Verifying that the Update Has Been Applied

Microsoft Baseline Security Analyzer

We recommend that customers apply the update at the earliest opportunity.

Microsoft Word Viewer 2003 is not affected by this vulnerability.

FAQ for Visio Document Packaging Vulnerability - CVE-2007-0936

What is the scope of the vulnerability? A remote code execution vulnerability exists in Microsoft Visio.

Restart Requirement

You must restart your system after you apply this security update.

https://technet.microsoft.com/en-us/library/security/ms08-013.aspx

Comparing other file attributes to the information in the file information table is not a supported method of verifying that the update has been applied.

Client Installation File Information

The English version of this update has the file attributes that are listed in the following table. Additionally, you may not have the option to uninstall the update from the Add or Remove Programs tool in Control Panel. In the list of files, right-click a file name from the appropriate file information table, and then click Properties.

Note Depending on the version of the operating system or programs installed, some

Severity Ratings and Vulnerability Identifiers:

Vulnerability Identifiers | Impact of Vulnerability | Windows 2000 Service Pack 4 | Windows XP Service Pack 2 | Windows Server 2003 and Windows Server 2003 Service Pack 1
OLE Dialog Memory Corruption Vulnerability

Click Start, click Run, type the following command, and then click OK to extract the .msp file:

[path\name of EXE file] /c /t:C:\AdminUpdate

Note Double-clicking the .exe file does not extract the .msp

Also, in certain cases, files may be renamed during installation.

Installation Information

The following setup switches are relevant to administrative installations as they allow an administrator to customize how the files are extracted from within the security update.

FAQ for Word Malformed String Vulnerability - CVE-2006-5994:

What is the scope of the vulnerability?

This includes suppressing failure messages. To do this, follow these steps: In Internet Explorer, click Tools, click Internet Options, and then click the Security tab. The Windows Installer Documentation also provides more information about the parameters supported by the Windows Installer.

Word 2002:

File Name | Version | Date | Time | Size
Winword.exe | 10.0.6826.0 | 17-Jan-2007 | 07:53 | 10,741,088

Verifying that the Update Has Been Applied

Microsoft Baseline Security Analyzer

To verify that a security update has been applied to an affected system, you may

Insert your original source CD-ROM when you are prompted to do so, and then click OK. Windows XP (all versions) Service Pack 1 has reached the end of its support life cycle.

Registry Key Verification

You may also be able to verify the files that this security update has installed by reviewing the following registry keys.

Click Start, and then click Search. In all cases, however, an attacker would have no way to force users to visit these Web sites. To install all features, you can use REINSTALL=ALL or you can install the following features:

Product | Feature
Visio 2003 Standard | Building_Plan_Unitless, CAD_Drawing_Display_Unitless, Organization_Charts_Unitless, VisioCore
Visio for Enterprise Architects, Visio 2003 Professional | Building_Plan_Unitless, CAD_Drawing_Display_Unitless, Database_Design_Unitless, Organization_Charts_Unitless,

Restart Requirement

In some cases, this update does not require a restart.

For more information about the limitations of SUIT, see Microsoft Knowledge Base Article 306460.

Windows Server 2003, Web Edition; Windows Server 2003, Standard Edition; Windows Server 2003, Datacenter Edition; Windows Server 2003, Enterprise Edition; Windows Small Business Server 2003; Windows Server 2003, Web Edition with

Supported Spuninst.exe Switches

Switch | Description
/help | Displays the command-line options.

Click OK two times to accept the changes and return to Internet Explorer.

Click Start, and then click Search.

Restart Options

/norestart - Does not restart when installation has completed.
/forcerestart - Restarts the computer after installation and forces other applications to close at shutdown without saving open files first.
/warnrestart[:x] - Displays

An attacker would have no way to force users to visit a malicious Web site. For backward compatibility, the security update also supports the setup switches that the earlier version of the Setup program uses.

To do this, follow these steps: In Internet Explorer, click Internet Options on the Tools menu.

Click Start, click Run, type the following command, and then click OK to extract the .msp file:

[path\name of EXE file] /c /t:C:\AdminUpdate

Note Double-clicking the .exe file does not extract the .msp

Product | MBSA 1.2.1 | MBSA 2.0
Microsoft Office 2000 | Yes | No
Microsoft Office XP | Yes | Yes
Microsoft Office 2003 | Yes | Yes
Microsoft Office 2004 for Mac | No | No

Note MBSA 1.2.1 uses an integrated version of the Office Detection Tool (ODT) which

You can find them most easily by doing a keyword search for "security_patch." Finally, security updates can be downloaded from the Windows Update Catalog.

Can I use Systems Management Server (SMS) to determine whether this update is required? Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. Also, in certain cases, files may be renamed during installation. If a switch is not available, that functionality is required for the correct installation of the update.

This vulnerability could be exploited when a user opens a specially crafted file. The vulnerability is documented in the "Vulnerability Details" section of this bulletin. The Windows Server 2003 for Itanium-based Systems severity rating is the same as the Windows Server 2003 severity rating. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Workarounds for OLE Dialog Memory Corruption Vulnerability - CVE-2007-0026:

Microsoft has tested the following workarounds.

Office 2003:

File Name | Version | Date | Time | Size
Riched20.dll | 5.50.99.2014 | 17-Aug-2006 | 23:23 |

You can find additional information in the subsection, Deployment Information, in this section.

Why does this update address several reported security vulnerabilities? This update contains support for several vulnerabilities because the modifications that are required to address these issues are located in related files.

Inclusion in Future Service Packs

The update for this issue may be included in a future Update Rollup.

The following mitigating factors may be helpful in your situation: In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is