More information about the Office Web Components ActiveX vulnerability
Note that this is no security issue with the ISA firewall code itself, but rather with an Office Web Component that is installed during the ISA firewall software installation. You'll see the same code included when you install the ISA firewall console on a management machine.
Please note that when security best practices are followed (that is to say, you never browse from the firewall) then no security issue exists. This further highlights our decade long recommendation that you never use the firewall as a workstation, which means not using the browser to "surf" the Internet from the firewall.
For more information, check out:
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer