Rants, rambles, news and notes from another geek

Simple HTML Page Crashes IE

This is interesting. Create a text file and put the following in it:

<input type crash>  

Save it as crash.html and open it in IE. BOOM! How the hell did something like this slip though QA? As the advisory mentions, since IE gets embedded in a number of apps (Outlook particularly), this could be used as a DOS attack.