Blocking VML with ISA 2004 & ISA 2006 discusses a vulnerability in the VML parsing dll which can result in an unpleasant experience. discusses a methodology by which you can use ISA 2004 or ISA 2006 to block HTTP-based attacks targeted against this vulnerability.

Finally, automates the process of creating the proper HTTP Filter settings for you.

Tim's report was accurate (see my comments).  I've updated the script to version 1.2 and reposted it.  Many thanx to Tim for his discovery.

Thank you,

Jim Harrison (ISA Sustained Engineering)

Comments (7)
  1. Anonymous says:

    Hej på er,

    Som ett avbrott i byggandet, ISA Teamet har postat i sin blog hur man gör för att skydda…

  2. Anonymous says:

    The ISA product team blog has details and links to instructions on how to configure ISA 200x to block…

  3. Anonymous says:

    Hello! Very interesting. Thank you.

  4. Tim Long says:

    I’ve just re-downloaded the script from the link above to verify and in fact I did paste the wrong code snippet into my blog entry (now corrected, apologies for the confusion). The content was substantially correct and the addition of parenthesis was my first stab at troubleshooting the script.

    I understand and support the statement that people should only use the "official" script – the changes I made are documented in my blog entry for anyone who wants to do likewise.


    Tim’s report uncovered an odditiy in VBScript processing of the ‘and’ test.  changing the script to a ‘nested if’ fixed the problem.

    ..I like JScript soooo much better…

  6. Donald says:

    Just installed in a test environment and had one problme on ISA 2006. It broke rpc/https publishing. I had to uncheck the filters to make it work.

Comments are closed.

Skip to main content