Patches Available for "Office HTML Script" and "IE Script"
Vulnerabilities
Originally Posted: July 13, 2000
Re-released: August 09, 2000
Summary
=======
On July 13, 2000, Microsoft released the original version of this
bulletin. It provided a patch to eliminate a security vulnerability
in Microsoft(r) Office 2000 and PowerPoint 97, and a workaround to
protect against a vulnerability in Internet Explorer. On August 09,
2000, the bulletin was re-released to announce the availability of a
patch for the vulnerability in Internet Explorer.
The effect of both vulnerabilities are the same -- they could allow a
malicious web site operator to cause code of his choice to run on the
computer of a visiting user.
Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-049.asp
Affected Software Versions
===========================
The Office HTML Script vulnerability affects the following Office
products when used in conjunction with Internet Explorer 4.x or 5.x:
- Microsoft Excel 2000
- Microsoft Powerpoint 2000
- Microsoft PowerPoint 97
The IE Script vulnerability affects Internet Explorer 4.01 SP2 and
higher, when Microsoft Access 97 or Access 2000 is present on the
user machine.
Patch Availability
==================
Office HTML Script vulnerability:
- Microsoft Excel 2000 and PowerPoint 2000:
-
http://officeupdate.microsoft.com/2000/downloaddetails/Addinsec.htm
- Microsoft PowerPoint 97:
- http://officeupdate.microsoft.com/downloaddetails/PPt97sec.htm
IE Script vulnerability:
- http://www.microsoft.com/windows/ie/download/critical/patch11.htm
Vulnerabilities
Originally Posted: July 13, 2000
Re-released: August 09, 2000
Summary
=======
On July 13, 2000, Microsoft released the original version of this
bulletin. It provided a patch to eliminate a security vulnerability
in Microsoft(r) Office 2000 and PowerPoint 97, and a workaround to
protect against a vulnerability in Internet Explorer. On August 09,
2000, the bulletin was re-released to announce the availability of a
patch for the vulnerability in Internet Explorer.
The effect of both vulnerabilities are the same -- they could allow a
malicious web site operator to cause code of his choice to run on the
computer of a visiting user.
Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-049.asp
Affected Software Versions
===========================
The Office HTML Script vulnerability affects the following Office
products when used in conjunction with Internet Explorer 4.x or 5.x:
- Microsoft Excel 2000
- Microsoft Powerpoint 2000
- Microsoft PowerPoint 97
The IE Script vulnerability affects Internet Explorer 4.01 SP2 and
higher, when Microsoft Access 97 or Access 2000 is present on the
user machine.
Patch Availability
==================
Office HTML Script vulnerability:
- Microsoft Excel 2000 and PowerPoint 2000:
-
http://officeupdate.microsoft.com/2000/downloaddetails/Addinsec.htm
- Microsoft PowerPoint 97:
- http://officeupdate.microsoft.com/downloaddetails/PPt97sec.htm
IE Script vulnerability:
- http://www.microsoft.com/windows/ie/download/critical/patch11.htm