Kbase P127642: Security vulnerability in the AnswerWorks? Desktop runtime application that is installed with OpenEd
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
12/20/2007 |
|
Status: Verified
FACT(s) (Environment):
OpenEdge 10.1A
OpenEdge 10.1B
Windows
SYMPTOM(s):
Security vulnerability in the AnswerWorks? Desktop runtime application that is installed with OpenEdge Release 10.1A and 10.1B (Windows platforms only).
AnswerWorks provides the ?Ask Me? tab in the MS HTML Help interface that allows you to search the help (.CHM) files using a natural language query
Progress Software Corporation has been notified by Vantage Corporation regarding this security vulnerability
There have been no known exploits or reports of this issue to Vantage, OEM customers, or end users.
CAUSE:
The vulnerability is caused due to a boundary error within the awApi4.AnswerWorks.1 (awApi4.dll) ActiveX control when handling arguments passed to certain methods (e.g. "GetHistory()", "GetSeedQuery()", "SetSeedQuery()"). This can be exploited to cause a stack-based buffer overflow by passing an overly long (greater than 215 bytes) argument to the affected methods.
FIX:
1. If you are running OpenEdge 10.1A then:
1. Download the AW4UpdatedFiles.zip file from: http://www.psdn.com/library/entry.jspa?externalID=4358&categoryID=129
2. Extract the contents of the AW4UpdatedFiles.zip file into a temporary directory, such as c:\temp. Three files are extracted: AW4KillBit.reg, awApi4.dll, and setup.bat.
3. Double-click the setup.bat file.
Verify that the update was successful by doing the following:
1. Right-click your Start menu and select Explore.
2. Go to c:\Program Files\Common Files\AnswerWorks 4.0.
3. Right-click the AWAPI4.dll file and select Properties.
4. Click the Version tab. If the file version is 4.0.0.101 the patch
2. If you are running OpenEdge 10.1B then:
1. Install the OpenEdge 10.1B03 service pack