Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors.