Progress Software Corporation has been notified by Vantage Corporation regarding a security vulnerability in the AnswerWorks Desktop runtime application that is installed with OpenEdge Release 10.1A and OpenEdge Release 10.1B (Windows platforms only).

AnswerWorks provides the "Ask Me" tab in the MS HTML Help interface that allows you to search the help (.CHM) files using a natural language query.

There have been no known exploits or reports of this issue to Vantage, OEM customers, or end users. This patch is proactive to any efforts to exploit this vulnerability. Progress Software Corporation has evaluated the security issue and has determined that the risk to our customers is minimal. However, we do recommend that you eliminate the security risk by doing the following:

If you are...Then do this...
Running OpenEdge 10.1A

Download the attached .zip file and do the following:

  1. Extract the contents of the .zip file into a temporary directory, such as c:\temp. Three files are extracted: AW4KillBit.reg, awApi4.dll, and setup.bat.
  2. Double-click the setup.bat file.

Verify that the update was successful by doing the following:

  1. Right-click your Start menu and select Explore.
  2. Go to c:\Program Files\Common FilesAnswerWorks 4.0.
  3. Right-click the AWAPI4.dll file and select Properties.
  4. Click the Version tab. If the file version is the patch was installed successfully.
Running OpenEdge 10.1BInstall the 10.1B03 service pack

On December 10, 2007 Microsoft released a security update to Internet Explorer that will disable AnswerWorks (the "Ask Me" tab in the HTML Help systems) from functioning if you have not already updated your OpenEdge 10.1A or 10.1B software as described in the table above. If this occurs, simply follow the instructions above to update your software and re-enable the AnswerWorks functionality.