A start can be found here: http://forum.mikrotik.com/t/winbox-exploit/121845/1
Also check the blog for more information.