BroadWin WebAccess SCADA/HMI Remote Code Execution Vulnerability [0day]

WebAccess is the first fully web browser-based software package for
human-machine interfaces (HMI) and supervisory control and data
acquisition (SCADA). The bwocxrun.ocx ActiveX component is prone to
a remote code execution vulnerability: a combination of some of its
ActiveX methods can be used to create an arbitrary file in an
arbitrary location. The following exploit takes advantage of Windows
WMI and .mof files to execute arbitrary code on the target machine.
Note: this version bypasses the check added in v1.0.0.10 and v1.0.0.11
of bwocxrun.ocx, but you have to set the full path (no global).

-Snake ( Shahriyar.j < at > gmail )
twitter.com/ponez

Ref :
*http://broadwin.com/Client.htm
*http://www.exploit-db.com/exploits/17772/
*Metasploit Mof Generator
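
Detection sketch for the file-write-to-MOF chain described above. This is an added example, not part of the original advisory or of any vendor tooling. The event records are constructed samples shaped like Sysmon FileCreate (Event ID 11) data; the host process name and the WMI auto-compile directory are assumptions about the monitored systems.

```python
import ntpath

# Assumption: processes that can host an ActiveX control such as bwocxrun.ocx.
ACTIVEX_HOSTS = {"iexplore.exe"}
# Assumption: the WMI directory whose .mof files are compiled automatically
# on older Windows releases.
MOF_AUTOCOMPILE_DIR = r"\system32\wbem\mof"

# Constructed sample events (Image = writing process, TargetFilename = new file).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "TargetFilename": r"C:\WINDOWS\system32\wbem\mof\a1b2c3.mof"},
    {"Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "TargetFilename": r"C:\Documents and Settings\op\Local Settings\Temp\page.htm"},
    {"Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetFilename": r"C:\Program Files\Vendor\schema.mof"},
    {"Image": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
     "TargetFilename": r"C:\WINDOWS\Temp\x.MOF"},
]

def classify(event):
    """Return 'high', 'medium' or None for one file-creation event."""
    image = ntpath.basename(event["Image"]).lower()
    target = ntpath.normpath(event["TargetFilename"]).lower()
    is_mof = target.endswith(".mof")
    in_autocompile = ntpath.dirname(target).endswith(MOF_AUTOCOMPILE_DIR)
    from_browser = image in ACTIVEX_HOSTS
    if is_mof and in_autocompile and from_browser:
        return "high"      # browser wrote a MOF where WMI will compile it
    if is_mof and (in_autocompile or from_browser):
        return "medium"    # unusual writer or unusual location: review
    return None            # ordinary file, or a MOF written by an installer

def triage(events):
    """Return (severity, image, target) for every event that matches."""
    hits = []
    for ev in events:
        severity = classify(ev)
        if severity:
            hits.append((severity, ev["Image"], ev["TargetFilename"]))
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(*hit, sep=" | ")
```

Matching is case-insensitive because Windows paths are, and the directory test uses the parent folder only, so files in subfolders of the MOF directory do not trigger the high-severity rule.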