Click here to go to the Office Update Home page   All Products  |   Support  |   Search  |   microsoft.com Guide  
Featured on Office UpdateMicrosoft
   Home   |    Auto Update   |    What's New   |    Search Office Update   |    eServices   |    Office Update Worldwide   |    Site Help   |
 
  Office 2000  
Download Details
Download Now!
Save to Online Storage
Using: Xdrive

(What's Online Storage?)

Works with
Word 2000
Excel 2000
Outlook 2000
PowerPoint 2000
Access 2000
FrontPage 2000
Publisher 2000
PhotoDraw 2000, Version 2

Filename
cagpkg.exe

Filesize
292 kb

Est. Download Time
@28.8  2 mins

Last Updated
15-Mar-2000

Languages Supported
US English
International English
Basque
Pan Chinese
Simplified Chinese
Traditional Chinese
Croatian
Czech
Danish
Dutch
Finnish
French
German
Greek
Hungarian
Italian
Japanese
Korean
Norwegian
Polish
Brazilian Portugese
Iberian Portugese
Romanian
Russian
Spanish
Swedish
Turkish

Return to Catalog
   or Focus Center

 

Clip Art Buffer Overrun Vulnerability Patch for Office 2000 Click here to email this to a friend.

This patch for the Microsoft Clip Art Gallery addresses a vulnerability that could cause a buffer overrun in Clip Art Gallery. The buffer overrun could cause Clip Art Gallery to crash, or it could make the user's computer vulnerable to harmful code created by a malicious hacker. Malicious code, embedded within a file that is downloaded by Clip Art Gallery, could then cause damage to information stored on the user's computer.

Clip Art Gallery and Clip Gallery Live use a special file format — the .CIL format — for downloading these clips. Under certain circumstances, a very long field embedded in a clip art .CIL file could cause a buffer overrun in the Clip Art Gallery software. When the buffer overrun occurs, the software could crash or could cause the execution of arbitrary code on a user's computer. The primary danger in this vulnerability is that the buffer overrun would occur when a user opens an attachment that includes a specially formed clip art file, or downloads a .CIL file from a malicious hacker's Web page.

For example, a user finds a Web site that contains groups of clip art saved in the .CIL format. The user downloads one of these .CIL files to use in Microsoft PowerPoint® 2000. The instructions on the page tell the user to double-click the file to open Clip Art Gallery. However, the person who created the Web site has embedded malicious code that deletes data on the user's hard disk. To make the malicious code execute, the person includes a very long field in the .CIL file. When the user double-clicks the file to open it into Clip Art Gallery, Clip Art Gallery experiences a buffer overrun, and then the malicious code executes.

Since Clip Art Gallery installs and opens clips without prompting users for confirmation, this vulnerability can affect users even if they follow safe computing practices such as using virus detection software.

For users of PhotoDraw 2000 Version 1  This patch works with PhotoDraw 2000 Version 2. If you are using PhotoDraw 2000 Version 1, you need to install a different patch, CILUpdt.exe. Download instructions and CILUpdt.exe itself can be found at Microsoft Clip Gallery PSS: Microsoft Clip Gallery Buffer Overrun Vulnerability Patch.

Note  Microsoft Works 2000, PictureIt! 2000, Greetings 99, Greetings 2000, Home Publishing 99, and Home Publishing 2000 are also subject to this vulnerability.

Additional information is available in the Microsoft Security Bulletin (MS00-015): "Clip Art Buffer Overrun" Vulnerability and the Microsoft Knowledge Base article (Q256167) CG5: Clip Art Buffer Overrun Vulnerability Patch.

To ensure the integrity of your Office 2000 installation, the Clip Art Buffer Overrun Vulnerability Patch for Office 2000 requires access to the Office 2000 CD or your network installation location during the installation process.


To install this download:

  1. You may want to print this page to use as a reference when you are offline.
  2. Download the file from Office Update by clicking Download Now! at the top left of this page and following the instructions in the dialog boxes.
  3. Double-click the CAGpkg.exe program file on your hard disk to start the setup program.
  4. Follow the instructions on the screen to complete the installation.

Instructions for use:

Once you have installed the update, use Clip Art Gallery as you normally would.

To remove this download:

There is no uninstall utility for this update.

Sign up for the Microsoft Office Auto Update Notification Service:

The Microsoft Office Auto Update Notification Service is an e-mail list that you can join to find out when new updates are added to the Office Update Web site. The notification e-mail messages contain the name of the update, the download location for the update, a description of the update, and a list of the Office products that will be updated. This is a great way to be notified of critical or helpful Office updates, including additional product functionality or the latest security updates.

For support of this download:

If you are experiencing problems with this download or the Office Update site, please review our Support Page for assistance.

 
    
   é
© 2001 Microsoft Corporation.
All rights reserved. Terms of use.  Disclaimer.