Haroon from Sensepost proves his leetness yet again

Check out this ActiveX attack on a Juniper SSL-VPN. Extremely clever and yet so simple when you really step back and take a look at how things work. A little bit of everything is involved. Some web app, predictable resource location, command execution, etc. Sheesh, what more to do you want!? :)