Article ID: 268457
This article was previously published under Q268457
This article has been archived. It is offered "as is" and will no longer be updated.
Microsoft has released an update that eliminates a security vulnerability in Microsoft Excel 2000 and PowerPoint 2000. This update, the Microsoft Excel and PowerPoint 2000 SR-1 Add-In Security Update, eliminates a security vulnerability that could allow unsafe scripts to be run in Microsoft Excel 2000 or Microsoft PowerPoint 2000 when you view a Web page or HTML e-mail message. This update makes changes to the registry and eliminates the ability to run unsafe Excel or PowerPoint scripts by using the Internet Explorer Object Model.
NOTE: To use the Microsoft Excel and PowerPoint 2000 SR-1 Add-In Security Update, you must first install Office 2000 SR-1 or Office 2000 Service Release 1a (SR-1a)
System administrators can find additional information and the administrator version of this update at the Microsoft Office Resource Kit
To learn more about the Microsoft Excel and PowerPoint 2000 SR-1 Add-In Security Update, please see the Microsoft Security Bulletin MS00-049: Frequently Asked Questions
NOTE: There are two separate updates: one for both PowerPoint 2000 and Excel 2000, and the other for PowerPoint 97. Excel 97 is not affected by this vulnerability. For additional information about the Microsoft PowerPoint 97 version of this update, click the article number below to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/268477/EN-US/ )PPT97: Update Available for HTML Script Vulnerability
How to Download and Install the UpdateIMPORTANT:
To install the update, you must have access to your original PowerPoint or Office CD. (One exception is if you installed from a "flat copy" of the CD stored on a network server. A "flat copy" is not the same as an administrative installation.)If you installed from a network administrative installation to your workstation, you should contact your administrator about obtaining this update. Do not attempt to apply this update to your workstation.Follow these steps to download and install the update:
Files Contained in the Addinsec.exe DownloadIf you download Addinsec.exe and manually extract the files by using a command line similar to the following
C:\Downloads\Addinsec.exe /c /t:C:\Addinsecthe following files will be listed in the C:\Addinsec folder:
How to Verify That the Update Is SuccessfulThe only changes made to Microsoft PowerPoint 2000 are in the registry. However, if you also have Microsoft Excel 2000 installed, you can verify installation by checking the version of Excel.exe.
To verify whether the installation of the update was successful, you can check that the version of the Excel.exe file on your system is equal to or greater than 9.0.4307. By default, Excel.exe is in the following location on your computer:
C:\Program Files\Microsoft Office\Office
For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/266134/EN-US/ )OFF2000: Overview and History of Office 2000 Updates
(http://support.microsoft.com/kb/268365/EN-US/ )XL2000: Update Available for HTML Script Vulnerability
(http://support.microsoft.com/kb/248710/EN-US/ )OFF97: Overview and History of Office 97 Patches