BroadWin WebAccess SCADA/HMI Client Remote Code Execution Vulnerability [0day]

WebAccess is the first fully web browser-based software package for
human-machine interfaces (HMI), and supervisory control and data
acquisition (SCADA). bwocxrun.ocx ActiveX component is prone to
a remote code execution vulnerability by combination of some ActiveX
methods to creating a arbitrary file in arbitrary location.
the following exploit take advantage of windows WMI and .mof files
to execute arbitrary code on the target machine.

-Snake ( Shahriyar.j < at > gmail )
twitter.com/ponez

Ref :
*http://broadwin.com/Client.htm
*http://www.exploit-db.com/exploits/17772/
*Metasploit Mof Generator