Launch Printer Friendly Page Security TechCenter > > Microsoft Security Bulletin MS02-044

Microsoft Security Bulletin MS02-044

Unsafe Functions in Office Web Components (Q328130)

Originally posted: August 21, 2002

Summary

Who should read this bulletin: 
All customers using Office Web Components, which is available as a stand-alone download and included as part of the Microsoft® products detailed below.

Impact of vulnerability: 
Three vulnerabilities, the most serious of which could allow an attacker to run commands on the user's system.

Maximum Severity Rating: 
Critical

Recommendation: 
Customers using these products should install the appropriate patches immediately.

Affected Software:

  • Microsoft Office Web Components 2000
  • Microsoft Office Web Components 2002

Products which Include the Affected Software:

  • Microsoft BackOffice® Server 2000
  • Microsoft BizTalk® Server 2000
  • Microsoft BizTalk Server 2002
  • Microsoft Commerce Server 2000
  • Microsoft Commerce Server 2002
  • Microsoft Internet Security and Acceleration Server 2000
  • Microsoft Money 2002
  • Microsoft Money 2003
  • Microsoft Office 2000
  • Microsoft Office XP
  • Microsoft Project 2002
  • Microsoft Project Server 2002
  • Microsoft Small Business Server 2000

General Information

Technical details

Frequently asked questions

Patch availability

Other information:

Support:

  • Microsoft Knowledge Base article Q328130 discusses this issue and will be available approximately 24 hours after the release of this bulletin. Knowledge Base articles can be found on the Microsoft Online Support web site.
  • Technical support is available from Microsoft Product Support Services. There is no charge for support calls associated with security patches.

Security Resources: The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.

Disclaimer:

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

  • V1.0 (August 21, 2002): Bulletin Created.
  • V1.1 (August 22, 2002): Bulletin updated to correct factual error regarding the type of files that can be read using the LoadText() method.
  • V1.2 (August 23, 2002): Bulletin updated to include information on how to manually set the "killbits" for the controls.