Word 2002 Security Patch: KB830346 helps to address a flaw when Microsoft® Word 2002 opens a Word document containing certain data values (the names of macros in the document). This flaw could allow arbitrary code to run when Word tries to open a document containing maliciously crafted values. This update helps to resolve this vulnerability so that files containing these values are handled appropriately.

---

Toolbox   The full-file version of Word 2002 Security Patch: KB830346 consists of one Windows Installer patch file (MSP format) packaged in a self-extracting executable (officexp-kb830346-fullfile-enu.exe). You can find this downloadable file on the Office XP Resource Kit Downloads page.

Localized versions of this update are listed later in this article in the section titled "Localized versions of the Word 2002 security patch."

---

---

 Note    The full-file version of the Word 2002 security patch will install successfully on Office XP Service Pack 2 or Office XP Service Pack 1 installations.

---

Strategies for updating your Word 2002 installations

The recommended method for distributing the Word 2002 security patch is first to update your administrative installation point, and then recache and reinstall Word 2002 on your users' computers to apply the changes. This is the standard update procedure presented for all previous Office updates, and it's still the most effective way to distribute software in a controlled environment. Details on using this method are covered later in this article in the section titled "Applying the Word 2002 security patch to an administrative installation point."

An alternative to the administrative update strategy is to apply the binary (client) version of the Word 2002 security patch directly to users' computers within your organization. This approach may be useful if you have experienced synchronization problems between your administrative installation points and your client computers. Details on this strategy are covered in the topic Distributing Office 2000 Client Updates to Users. The client version of the Word 2002 Security Patch: KB830346 is available from the Microsoft Download Center.

---

 Note    To install client update files, you must be running Windows Installer version 2.0 or higher on your computers. Windows Installer 2.0 is included by default in Microsoft Windows® XP and Windows 2000 Service Pack 3. For organizations running a previous version of Windows, it is available as a separate download from the Microsoft Download Center:

Windows Installer 2.0 for Windows 95, Windows 98, and Windows ME

Windows Installer 2.0 for Windows NT 4.0 (SP-6) and Windows 2000

---

A third option is to apply the full-file updates directly to client computers. This method is an efficient way to ensure that all users have the most current version of the software when you do not know which updates users have applied. In addition, users can apply a full-file patch even if they do not have access to the administrative source. However, these client computers remain out of sync with the updated source until they reinstall Office from the original installation point.

Details on this strategy, and a more complete comparison of the three update methods, can be found in the article Strategies for Updating Office 2000 Installations.

Applying the Word 2002 security patch to an administrative installation point

The full-file administrative update file for the Word 2002 security patch is a Microsoft Windows Installer patch that you apply to your administrative share by using a command line with specific parameters. The following table describes the update (MSP file).

---

 Note    For best results, the update should be applied from the computer that contains the administrative installation point. Make sure the files on the administrative installation point are not in use when you apply the update. Copy the updated administrative installation image to all installation points after you back up any custom transform, Setup.ini, or other custom files.

---

To apply the Word 2002 security patch to an administrative installation point

1. Download officexp-kb830346-fullfile-enu.exe and double-click the file name to extract the update (MSP file).
2. Connect to the administrative installation point.

   Note that you must have write access to the administrative installation point on the server and the appropriate privileges to carry out the task.

3. On the Start menu, click Run and then type the command line for Windows Installer with the appropriate options for the update. Use the following syntax:

   [start] msiexec /p [path\name of update MSP file] 
   /a [path\name of MSI file]
   SHORTFILENAMES=TRUE /qb /L*v [path\name of log file]
   

You must run the command line separately for each MSP file you apply to the administrative installation point — you cannot reference multiple MSP files on the same command line. The following table describes the command-line options.

Updating client computers from an administrative installation point

After you update your administrative installation point, you must recache and reinstall Word 2002 on client computers that use the administrative image. Any new client installations from the administrative installation image will automatically include the Word 2002 security patch.

---

 Note    If you originally installed Word 2002 on a client computer from an updated administrative installation point, you must follow the recache and repair procedure described above to update that client. If you update the client directly by using the end-user patch from the Office Online site, the client and administrative images become out-of-sync, which may cause future updates to fail.

---

To update an existing client installation from an administrative installation point, run the following command line on the client computer:

start msiexec /i [path to updated .msi file on the admin image]
REINSTALL=[list of features] 
REINSTALLMODE=vomu /qb

You can run this command line by creating a logon script, distributing it as a batch file, deploying it by using Microsoft Systems Management Server, or using other software installation tools. The following table describes the command-line options.

For the Word 2002 security patch, the value for [list of features] is as follows:

WORDFiles

Optionally, you can substitute the parameter REINSTALL=ALL to reinstall all Office components on the client computer.

Applying the Word 2002 security patch under Windows 2000 or Windows XP

If your administrative installation point and all of your client computers are running Microsoft Windows 2000 or Windows XP, you can use IntelliMirror® technology to manage the installation of the update.

---

 Note    Be sure to test all software updates in a controlled setting before modifying your administrative installation point or deploying the new version throughout your organization.

---

To deploy a hot fix or update under Windows 2000 or Windows XP

1. Apply the update (MSP file) to the original Office administrative installation point.

   You will need to run the command line separately if you apply more than one MSP file to the administrative installation point — you cannot reference multiple MSP files on the same command line.

2. Open the Software Installation snap-in within the Group Policy Object (GPO) that you are using to manage the existing Office installation.
3. In the details pane, right-click the Office package, point to All Tasks, and then click Redeploy application.

   The next time the Group Policy is applied to the designated users or computer groups, the updated files are copied to the computers.

Note that you can redeploy a package only if it is being managed by Group Policy — that is, only if you originally installed it by using IntelliMirror software installation and maintenance, or if you brought it into a managed state under Windows 2000 or Windows XP.

Localized versions of the Word 2002 security patch

Localized versions of the Word 2002 security patch are available in the following languages and can be downloaded from the Office 2003 Resource Kit Localized Downloads page:

Files changed by the Word 2002 security patch

The following table lists the file changed by the full-file Word 2002 security patch. If you need to confirm whether a share has been updated, you can check the related file version number.

Related links

For an overview of Word 2002 Security Patch: KB830346, see Description of the Word 2002 security patch: November 11, 2003 in the Microsoft Knowledge Base.

For general information on applying an administrative update, see Deploying Product Updates from an Administrative Installation Point in the Office XP Resource Kit.