RoboHelp HTML Version 9 - what is the version for ehlpdhtm.js?

We have been running pen tests looking for vulnerabilities on applications my company has created in order to be PCI certified. I built webhelp systems for these applications using RoboHTML v9.
The pen test has indicated that ehlpdhtm.js is suspect with the following message:
WebInspect detected the use of an ActiveX object. This could indicate a vulnerability is present if a vulnerable public version of the Microsoft Active Template was utilized. There are three vulnerabilities in the public versions of the Microsoft Active Template Library (ATL) included with Visual Studio. Applications and components created with these versions of ATL are vulnerable to remote code execution and information disclosure attacks. Visual Studio itself is not vulnerable to these issues. In these three vulnerabilities, ATL processes data incorrectly which can lead to memory corruption, information disclosure, and instantiation of objects without regard to security policy. After Visual Studio is patched, it will no longer create applications and components with these vulnerabilities. However, applications and components compiled using the vulnerable version of ATL need to be rebuilt with the safe version released by Microsoft. Recommendations include applying any relevant service pack or patch as listed in the Fix section, then recompiling and redistributing any software created prior to the update. If you have already applied the proper fix, then this vulnerability can safely be ignored.
Explanation
Any application compiled using the vulnerable active template could be subject to code execution and information disclosure vulnerabilities.
What is the latest version of the ehlpdhtm.js file?
The copyright inside the file is:
// Dynamic HTML JavaScript
// Copyright © 1998-2009 Adobe Systems Incorporated. All rights reserved.
// Version=8.0
If this is not the latest version, is there somewhere I can get the latest file? If not, I won't be able to use the dynamic html features of RoboHTML.

If you have the latest patch installed (9.0.2), you have the latest version of ehlpdhtm.js. There was an XSS vulnerability fix for 9.0.1, but that is included in 9.0.2. From what I can see in my installation, version 8.0 is the latest version for RoboHelp 9.
RoboHelp 11 has a newer version of the file, but the ActiveX is still in there.
I'm not a security expert. The ActiveX is used for supporting old versions of IE and CHMs. It should not be used by modern browsers. I've never heard of RoboHelp being abused in this way so I would deem it safe. But again, that's just my layman's opinion.
Kind regards,
Willam
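
A triage aid for the scanner finding discussed above, added here as an example (it is not code from RoboHelp, WebInspect or either poster): it lists which ProgIDs and CLSIDs a script actually instantiates, so each one can be traced to a specific control and checked against the ATL advisory. The function names and the sample input are constructed for illustration.

```javascript
// Added example: inventory the ActiveX controls a script instantiates.
// SAMPLE is constructed for illustration; it is not the contents of ehlpdhtm.js.
const SAMPLE = [
  '// legacy path: new ActiveXObject("Commented.Out")',
  'function getXml() {',
  '  if (window.ActiveXObject) { return new ActiveXObject("Msxml2.DOMDocument"); }',
  '  return document.implementation.createDocument("", "", null);',
  '}',
  'var ctl = new ActiveXObject(progIdFromConfig);',
  'document.write(\'<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>\');',
].join('\n');

// Blank out comments while keeping line breaks, so reported line numbers stay correct.
function stripComments(src) {
  // String literals are matched first so "//" inside a string (a URL) is not cut off.
  const token = /("(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*')|\/\/[^\n]*|\/\*[\s\S]*?\*\//g;
  return src.replace(token, (m, str) => (str !== undefined ? str : m.replace(/[^\n]/g, ' ')));
}

function findActiveX(src) {
  const code = stripComments(src);
  const lineOf = (idx) => code.slice(0, idx).split('\n').length;
  const findings = [];
  // new ActiveXObject(<arg>): a single literal is a ProgID; anything else is
  // reported as "dynamic" because the control cannot be identified statically.
  const ctor = /new\s+ActiveXObject\s*\(\s*(?:(["'])([^"']*)\1\s*|([^)]*))\)/g;
  for (const m of code.matchAll(ctor)) {
    findings.push(m[2] !== undefined
      ? { kind: 'progid', value: m[2], line: lineOf(m.index) }
      : { kind: 'dynamic', value: m[3].trim(), line: lineOf(m.index) });
  }
  // <object classid="clsid:..."> markup written out from script strings.
  const clsid = /classid\s*=\s*\\?["']?clsid:([0-9a-fA-F-]{36})/gi;
  for (const m of code.matchAll(clsid)) {
    findings.push({ kind: 'clsid', value: m[1].toUpperCase(), line: lineOf(m.index) });
  }
  return findings.sort((a, b) => a.line - b.line);
}

console.log(findActiveX(SAMPLE));
```

Each `progid` or `clsid` entry names a control whose vendor and build can then be checked; a `dynamic` entry needs manual review of where the argument comes from.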

