This useless bit of code demonstrates how perfectly easy it is to crash a client machine running IE with a little bit of javascript.

Excuse the bad code, javascript is not something I do. Ever.

Apparently this has some effect on Netscape too.

I'm sure someone will find a use for this, or a way to make it that bit more irritating. Or, even better, fix it.

This was based on the same principle as the http://: problem, as posted to somone on vuln-dev at some point. The http://: and gopher://: seems to crash IE only, this shell thing kills Explorer.exe too...

Ian Kayne

(On behalf of myself)