General 8065 Published by

Patch Available for "Microsoft Office HTML Object Tag" Vulnerability
Originally posted: August 09, 2000
Re-released: August 10, 2000

Summary
=======
Microsoft has released a patch that eliminates a security
vulnerability in certain Microsoft (r) Office 2000 products. The
vulnerability could allow a user to construct a HyperText Markup
Language (HTML) file that, when read, would crash a Microsoft Office
2000 application or potentially run arbitrary or malicious code.

Frequently asked questions regarding this vulnerability and the patch
can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-056.asp

Affected Software Versions
==========================
- Microsoft Word 2000
- Microsoft Excel 2000
- Microsoft PowerPoint 2000

(These products ship as part of the Office 2000 suite and as
stand-alone products)

Note: Previous versions of these products are not affected by this
vulnerability.

Note: Office 2000 products other than those specifically listed above
are not affected by this vulnerability.

Patch Availability
==================
- Microsoft Word 2000, Excel 2000, PowerPoint 2000:
http://officeupdate.microsoft.com/2000/downloadDetails/Of9data.htm

Note: Office 2000 SR-1 is required before this patch can be applied.