Found this one just about now... I hope it ain't posted before...

Internet explorer can be crashed by clicking on a specially crafted link . The problem is in the AnchorClick DHTML behaviour of the A ( link ) object . With this behaviour you can specify a Folder instead of using the href attribute .
Article can found here

Greetz,

***edit*** You can find lots more security - news here :

http://www.securitynewsportal.com/cg...29073705?-2622