Summary
Internet Explorer is Microsoft's core browser which is a part of any Windows operating system and is the dominant browser currently in the world.

A malformed HTML page containing Javascript code with a specially crafted META tag will bring down Internet Explorer with an access violation.

Details
Vulnerable Systems:
* Internet Explorer 6.0 SP1 with all the latest patches

The following script code will cause Internet Explorer to crash when trying to parse the META tag contained within. The problem stems from a bug in the MSHTML library (mshtml.dll). Below is the script code that causes the crash:

<scr!pt type="text/javascript">
Wnd = window.createPopup();
Wnd.document.body.innerHTML='<meta http-equiv="imagetoolbar" content="no">';
</scr!pt>

The effect of the META tag is to cause an access violation within mshtml.dll, however not exploitable. The problematic piece of code is shown below:

636D54AF 8B48 2C MOV ECX, [EAX+2C]
EAX = 0, Bad read of address 0x0000002C.

Additional information
The information has been provided by Mike Mauler.
Source : http://www.securiteam.com/windowsntf...DP0B20CUW.html

I test it myself! Change the ! for i in the script code and save it on a local page. This will make IE crash!