Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 



mixit

HOWTO: Install Office 2007 Equation Editor security update (KB4011604. aka KB4011276) on Office 2000/XP/2003

Recommended Posts

A remote code execution vulnerability was patched this month in Equation Editor, an Office component (CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability, Description of the security update for 2007 Microsoft Office Suite: November 28, 2017).

Official patches are available only for Office 2007 and higher, but since it's a standalone component that hasn't changed since the year 2000, and Microsoft has simply applied a binary patch to the executable and resigned it, you can also use this patch with Office 2000, XP and 2003.

NOTE: KB4011604 was initially released as KB4011276 for English and Chinese only. If you've already installed KB4011276, you don't need to install KB4011604, the Equation Editor payloads are byte-for-byte identical. If you prefer a statement from Microsoft (from the CVE link above): "Customers who have already installed the previously-released updates (4011276 or 2553204) do not need to take any further action."

If you don't use Equation Editor, instead of updating it, you might want to remove it from your computer altogether. (Even if you don't have it installed right now, since it defaults to Installed on First Use, it's a good idea to explicitly deselect it in the Office installer.)

  • Go to Control Panel > Add or Remove Programs, locate your Office 2000/XP/2003 installer and choose the Change option, then pick Add or Remove Features when the installer launces.
  • Find Equation Editor in the component tree. The exact location may differ depending on your Office version, in my case (Office XP) it was under Office Tools. To disable its installation, or remove it from your computer if already installed, mark it as Not Available and complete the update. You should no longer have an Equation folder under (typically) C:\Program Files\Common Files\Microsoft Shared.

If you do use Equation Editor, you'll have to update it manually. (Trying to run the installer, it'll just tell you that you don't have an applicable product installed.) To do this, you'll be needing 7-zip (or a similarly versatile unpacker).

  • Get the patch either as an EXE installer from the Download Center (English; other languages direct links by @Bersaglio) or a CAB file from WU/Catalog (English)    .
  • Right-click on the downloaded file and choose to open it with 7-zip.
  • (EXE only) Select [0], right-click, Open Inside.
  • Select eqnedt32-[your-language].msp (e.g. eqnedt32-en-us.msp), right-click, Open Inside.
  • Select PATCH_CAB, right-click, Open Inside.
  • Extract EQNEDT32.EXE_[numeric language code] (e.g. EQNEDT32.EXE_1033) to a location of your choice and remove the numeric part from the file name, leaving you with EQNEDT32.EXE.
  • Copy this file to your Equation Editor folder, (typically) at C:\Program Files\Common Files\Microsoft Shared\Equation, replacing the old EQNEDT32.EXE in there. (If you like, you can make a copy of the old version, but you can always restore it later by re-running the Office installer.)
  • To make sure everything is kosher now, check EQNEDT32.EXE properties. The version should show 2017.8.14.0.
  • (Note that if you use the Office installer in the future to change installed components or repair your installation, it may put back the old EQNEDT32.EXE and you'll have to manually replace it again.)

 

Edited by mixit
  • Like 3
  • Upvote 3

Share this post


Link to post
Share on other sites

mixit - thanks for info. 

Q - on the thread for XP POS, there are recent links for updating the 2007 Compatibility Pack for Office 2003 on our XP machines.  Should I also run those on my wife's Win 7 64-bit machine on which we still have Office 2003 with the Compatibility Pack?

Edited by glnz

Share this post


Link to post
Share on other sites

If you have the same Compatibility Pack installed, you can and should apply the same updates on both machines. The system may be 64-bit but Office and the Compatibility Pack would still be 32-bit. Also, what @dencorso already told you:

 

Share this post


Link to post
Share on other sites

Thanks for this!

The exe installer downloads seem to be working now for me.

:yes:

Share this post


Link to post
Share on other sites

Edited the topic to reflect the switch to KB4011604 (thanks for the heads up, @Bersaglio :)). FYI, for some reason the KB4011604 Download Center landing page sometimes gives a "no longer available" message, hopefully the direct EXE links are more stable. If you're a more of a Catalog person, I'm sure you'll appreciate the fact that MS has posted all language versions separately, with no indication which is which, so you basically have to click on each download button until you find the right language...:rolleyes:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

×