What is iSEEK AnswerWorks™?
iSEEK AnswerWorks™ is a sophisticated search application developed by Vantage Linguistics (formerly distributed by Wextech). The AnswerWorks™ product allows product development teams and help system authors to enrich their existing help systems with linguistic and natural language based search. When embedded in a local or online help system, AnswerWorks searches multiple help resources and targets the most relevant and likely answers to users' queries, saving time for everyone involved.
Because iSEEK AnswerWorks™ employs an intuitive, natural language interface and semantic search technology users can phrase their questions in everyday language and receive more accurate results. Answers are ranked by relevance based on the meaning of the query, so the most likely answer is always at the top of the list.
iSEEK AnswerWorks™ is integrated into several world class software applications to provide the most efficient and meaningful interface to documentation and help files, so user's questions are returned with relevant search results.
Description of the Vulnerability:
Updated:12/11/07
A security vulnerability in versions 3.0.0.0 - 4.0.0.100 and 5.0.0.0 - 5.0.0.6 of the iSEEK AnswerWorks™ Desktop runtime for Windows was found recently. If breached, this vulnerability could allow a hacker access to your computer. However, we are not aware of any security breach. These updates are strictly preventive, but important for every customer to perform.
There have been no known exploits or reports of this issue. This patch is proactive to any efforts to exploit this vulnerability. This is issue was discovered by Parvez Anwar and reported by Secunia.
^ top
Resolution and Patching information:
If you have iSEEK AnswerWorks installed on your computer, you should download the AnswerWorks™ patch. It will protect your computer from potential harm and restore any disabled AnswerWorks™ Natural Language help search functionality.
Products that are affected:
  • iSEEK AnswerWorks™ versions 3.0.0.0 - 4.0.0.100, or versions 5.0.0.0 - 5.0.0.6

iSEEK Answerworks™ products not affected:
  • iSEEK Answerworks version 4.0.0.101+, 5.0.0.7+
  • Any or all iSEEK Answerworks Server products/ services.
  • Any computer using Apple OSX or non Windows OS
^ top
Questions and Answers
Q1.
What if I've uninstalled one of these products and no longer use it? Do I still need the patch?
A1.
As a precaution, we recommend that customers who have iSEEK Answerworks installed to download the patch.
If you have uninstalled products with iSEEK Answerworks included and prefer instead to verify that the affected versions of AnswerWorks are not on your computer, please follow the steps below. If the affected versions are not on your computer, no patch is necessary.
To determine if iSEEK AnswerWorks Version 4.0 or Version 5.0 is installed:
  1. Right-Click on your "Start" menu and select "Explore."
  2. Open the following folders in order: Local Disk (C:) > Program Files > Common Files. (Note: You may receive a message when you open your Program Files folder that "These Files are Hidden." Go ahead and click on the "Show the Contents of This Folder" link.) If you find a folder called "AnswerWorks 4.0" or "AnswerWorks 5.0" in your Common Files directory, it is strongly recommended that you apply the patch.
^ top
Q2.
How do I download and install the patch?
A2.
All affected users should download the security patch at:
http://www.vantagelinguistics.com/downloads/awsecuritypatch.msi
When the page appears:
  1. Click the "Download" button to start the download, or choose a different language from the drop-down list and click "Go."
  2. Select "Open" or "Run This Program From its Current Location" to begin the patch immediately. Restarting your computer is not required.
  3. If you don't have time to install the patch, or don't want to restart your computer, you can select "Save" or "Save This Program to Disk" and the patch file, called awsecuritypatch.msi, will download to your hard drive. You'll need to open that file to run the patch.
^ top
Q3.
How do I check that the security patch has been applied?
A3.
To make sure the patch as been applied and that either iSEEK AnswerWorks 4.0 or iSEEK AnswerWorks 5.0 are installed on your system, do the following:
If the security patch has been applied, the iSEEK AnswerWorks 4.0 control will be at file version 4.0.0.101 or higher. You can check the version number by following these steps:
  1. Right-click on your "Start" menu and select "Explore."
  2. Open the following folders in order: Local Disk (C:) > Program Files > Common Files. (Note: You may receive a message when you open the Program Files folder that "These files are hidden." Go ahead and click on the "Show the Contents of This Folder" link.)
  3. If you find a folder called "AnswerWorks 4.0," open it.
  4. Right-click on the AWAPI4.dll (or AWAPI4) file and select "Properties."
  5. Click the "Version" tab. If the file version is 4.0.0.101 the patch was installed successfully.
If the security patch has been applied, the iSEEK AnswerWorks 5.0 control will be at file version 5.0.0.7 or higher. You can check the version number by following these steps:
  1. Use Windows Explorer to navigate to the directory - c:\Program Files\Common Files\AnswerWorks 5.0.
  2. Right-click on the AWAPI5.dll file and select "Properties."
  3. Click the "Version" tab.
  4. Check that the File version is 5.0.0.7. If it is, this patch was installed correctly.
^ top
Q4.
What operating systems are supported?
A4.
The security patch is available for all operating systems used by affected applications: Windows XP, Windows Vista, and Windows 2000. If you are running Windows 98 or Windows ME, you need to have Internet Explorer 6.0 or later installed before you can install the update. Go to the Internet Explorer 6 Downloads Web page to install a more recent version of IE.
Note: Products for Apple Mac OS X are not affected.
Q5.
I only use the Internet on a periodic basis. Do I still need to download the security patch?
A5.
Yes. If you installed any of the affected products on your computer, the vulnerability poses a security risk regardless of whether you are currently connected to the Internet. We recommend that all affected users download and install the security patch.
Vantage would like to acknowledge Microsoft for also including the killbit(s) included in this security update in the December 2007 Cumulative Security Update for Internet Explorer. Customers should primarily look to vantage's security update to resolve this issue. We would like to thank Microsoft for their involvement in helping protect our customers.
^ top