CVE-2009-3019 Information

Description

Microsoft Internet Explorer 6 on Windows XP SP2 and SP3 and Internet Explorer 7 on Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element and then calls setAttribute to set the value attribute.

Reference

http://www.exploit-db.com/exploits/9455