A Perl script generated an HTML file with a 60 MB junk buffer inside an HTML comment. Opening this file normally worked fine, but choosing “View Source” caused an access violation in IE that !msec.exploitable classified as PROBABLY_EXPLOITABLE.

# create.pl — generates the crash HTML
open(OUT, ">crash.html");
print OUT "<!--";
print OUT "A" x (60 * 1024 * 1024);
print OUT "-->";
close(OUT);

The view-source path had a different code path for handling large text buffers than the normal renderer. Allocating and copying a 60 MB comment for display in the source view hit a boundary condition that corrupted memory. The PROBABLY_EXPLOITABLE rating suggested the faulting address was used in a way that could be influenced by the buffer content.

Found during my years at Microsoft (2006–2014). These bugs were patched long ago — shared here as a historical record for learning purposes.