Hiya, Well, as it seems that its the Microsoft Crash month, let see another one:

<html><form><input type crash></form></html>

This will crash IE with the following error:"Unhandled exception in iexplore.exe (SHLWAPI.DLL): 0xC0000005: AccessViolation"

It's a null pointer overwrite, so it's not easily exploitable...

This HTML also crash Outlook, Frontpage, and all the Microsoft programs that use the shlwapi.dll library to render web code.

Plain HTML is a dangerous language :)

Balvin says:

Not to be overly trollish here, but you could also squish poetry onto one long line or a big novel onto one really huge page, like something in Guinness's Book of World Records I suppose.

The point is, we use line counts in computer languages, even though most computer languages can be spaced out in numerous ways, because it provides a good rough estimate of length and complexity. It's not always the best metric, but oftentimes it serves its purpose well. In this case, the typical slashdot reader can see that the exploit is only "five lines" and realize that it's not a overly complicated HTML parser exploit but instead something ridiculously simple.

Features

Take Advantage of Everything InfoSec World Has to Offer

• Case Studies for Security Pros
• The Latest on Hacking Techniques
• Management Tips to Fine-Tune Your Skills
• Targeted Attacks
• The InfoSec World Expo
• Optional, In-Depth Workshops
• Intensive Networking
• Continuing Education Credits
• CISSP Exam
• Book Signing

Read more on the features

This year's keynote addresses will expand your mind and inspire you to think about information security from fresh perspectives:

1. Tom Ridge (First Secretary of Homeland Security)
2. Peter Bergen (Prominent Terrorism Analyst)
3. Kevin Ashton (Co-Founder and Former Executive Director, Auto ID Center, MIT)
4. Jeff Jonas (Chief Scientist and Distinguished Engineer, IBM Entity Analytics)

The full conference details