He neg check out this little thingie I put up:
http://www.tp2.be/eastwood/ie/main.htm
It is a small collection of IE crashes found on the mailing lists recently.
There are some more serious vulns in IE like local file deletion and execution.
IE is very forgiving in some ways like the closing tags andso.
If you disable the 'disable script debugging' in IE advanced options you might get some strange results from the Windows inner html.
