IE security update on Jan 21 broke link to htm from chm

Subject: IE security update on Jan 21 broke link to htm from chm
From: "Tina Gray" <tina -dot- gray -at- kewill -dot- com>
To: <techwr-l -at- lists -dot- techwr-l -dot- com>
Date: Fri, 19 Mar 2010 11:59:38 -0400

Has anyone experienced this issue and if so, do you know of a
workaround?



I had a hyperlink in my What's New help topic (in a chm created with
Robohelp X5) to an .htm file (residing as a standalone .htm file outside
the RoboHelp source file) created with FrontPage. This is what the
hyperlink looked like in the RoboHelp GUI where you create the link:



../readme.htm



As long as the readme.htm is in the same folder as the chm file, it
always worked fine (opened the readme.htm within the chm as if it was
just another help topic in the chm file), until the IE security update
MS10-002 that was released on Jan 21. The vulnerability addressed is the
HTML Object Memory Corruption Vulnerability - CVE-2010-0249
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0249> which
allows remote attackers to execute arbitrary code by accessing a pointer
associated with a deleted object, related to incorrectly initialized
memory and improper handling of objects in memory, as exploited in the
wild in December 2009 and January 2010 during Operation Aurora, aka
"HTML Object Memory Corruption Vulnerability."



Since applying that security update, when the link to the readme.htm is
clicked from within the chm file, it would display an older version of
the readme (the last version created before the security update was
applied) instead of the latest version of the readme.htm that is located
in the same folder as the chm file. It's as if it is pulling the old
readme.htm from somewhere in memory. My boss who is the lead developer
of the software for which I write tried many workarounds (deleting from
cache, etc.) and we tried different ways of linking to the latest
readme.htm from within RoboHelp, all to no avail. A hyperlink to our
company website from within the chm works just fine, but not a link to
the readme.htm that resides in the same folder as the chm file.



For now, we have removed the link that is in the chm file and just have
the text, 'to view a summary of software patches for this version,
double-click the readme.htm in the directory where the software is
installed'.



Has anyone experienced this issue since applying this IE security update
and if so, do you know of any workaround? I have a bad feeling that this
is just one of those MS issues we will have to just live with (like when
they disabled chm files from being able to open from a network drive).



Thanks!

- Tina









IMPORTANT NOTICE: This email is intended solely for the use of the individual to whom it is addressed and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If the reader of this email is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by telephone at (978) 482-2500 and return the original message to us at the listed email address. In accordance with Kewill policy, emails sent and received may be monitored. Kewill accepts no responsibility for any loss or damage should this email contain any virus, or similar destructive or mischievous code. Thank You. Copyright  2009 by Kewill Inc.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Use Doc-To-Help's XML-based editor, Microsoft Word, or HTML and
produce desktop, Web, or print deliverables. Just write (or import)
and Doc-To-Help does the rest. Free trial: http://www.doctohelp.com

Explore CAREER options and paths related to Technical Writing,
learn to create SOFTWARE REQUIREMENTS documents, and
get tips on FUNCTIONAL SPECIFICATION best practices. Free at:
http://www.ModernAnalyst.com

---
You are currently subscribed to TECHWR-L as archive -at- web -dot- techwr-l -dot- com -dot-

To unsubscribe send a blank email to
techwr-l-unsubscribe -at- lists -dot- techwr-l -dot- com
or visit http://lists.techwr-l.com/mailman/options/techwr-l/archive%40web.techwr-l.com


To subscribe, send a blank email to techwr-l-join -at- lists -dot- techwr-l -dot- com

Send administrative questions to admin -at- techwr-l -dot- com -dot- Visit
http://www.techwr-l.com/ for more resources and info.

Please move off-topic discussions to the Chat list, at:
http://lists.techwr-l.com/mailman/listinfo/techwr-l-chat


Follow-Ups:

Previous by Author: TECHWR-L Premium Jobs, Events, and Announcements
Next by Author: Re: IE security update on Jan 21 broke link to htm from chm
Previous by Thread: Re: What do you call something?
Next by Thread: Re: IE security update on Jan 21 broke link to htm from chm


What this post helpful? Share it with friends and colleagues:

Sponsored Ads


Sponsored Ads