Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object, which triggers a null dereference.