HTML Code That Crashes Internet Explorer

In an article on Slashdot today, it taked about a new Internet Explorer exploit that can crash all current versions with only 1 lines of plain HTML code - no ActiveX, no Javascript, but plain HTML.

Crash me, please (Requires Internet Explorer)

And here's the HTML that actually crashes the Internet Explorer

  <input type>

The keyword "crash" is actually not important - it can be anything you want. Of course, this trick failed to work with Mozilla 1.3 that I am using at the moment, so that I have to fire up my IE to perform the test. And yes, it crashed straight away with a dialog box popping up requesting to restart the IE. Here's the signature...

  AppName: iexplore.exe  AppVer: 6.0.2800.1106   ModName: shlwapi.dll
  ModVer: 6.0.2800.1106  Offset: 00025a43

It reveals that in fact all the applications that use shlwapi.dll will crash on this line of HTML, like Front Page or Outlook.

Actually, I don't know why I am writing this in my blog. I am a sort-of Internet Explorer developer at work - the only platform for the application we are developing is Internet Explorer. However, there is just so much frustration with its capabilities (or in-capabilities), as well as bugs and rendering glitches. Someone reported in the Slashdot comments that you can crash IE easily by putting random HTML, and I can certainly verify that. However, at the end, it might not be news-worthy. Everyone knows it, and everyone chooses to live with it.