Progress Software Corporation has been notified by Vantage Corporation regarding a security vulnerability in the AnswerWorks Desktop runtime application that is installed with OpenEdge Release 10.1A and OpenEdge Release 10.1B (Windows platforms only).
AnswerWorks provides the "Ask Me" tab in the MS HTML Help interface that allows you to search the help (.CHM) files using a natural language query.
There have been no known exploits or reports of this issue to Vantage, OEM customers, or end users. This patch is proactive to any efforts to exploit this vulnerability. Progress Software Corporation has evaluated the security issue and has determined that the risk to our customers is minimal. However, we do recommend that you eliminate the security risk by doing the following:
Download the attached .zip file and do the following:
Verify that the update was successful by doing the following:
On December 10, 2007 Microsoft released a security update to Internet Explorer that will disable AnswerWorks (the "Ask Me" tab in the HTML Help systems) from functioning if you have not already updated your OpenEdge 10.1A or 10.1B software as described in the table above. If this occurs, simply follow the instructions above to update your software and re-enable the AnswerWorks functionality.