Yet another Internet Explorer crash has been discovered! This one is incredibly simple to reproduce, but doesn’t look (easily) exploitable because it’s a null pointer write.
To reproduce, simply load a page containing
<input type crash>
That’s it! I’ve set one up here. Don’t click it if you are using Internet Explorer!
It also affects Outlook, Frontpage, and a few others.
See the BugTraq Listing for details.