Yea that's true. This small ( not exactly small) iframe is powerful enough to crash down a 64 bit Win7 system to the famous Blue Screen Of Death (BSoD). This vulnerability has been recently reported by w3bd3vil (awsome work!!)
This has been tested on Windows 7, 64 bit version, running Safari. I hate the blue screen of death so didnt bother about testing it on other browsers. Microsoft is still accessing the impact of vulnerability. Here are the details from a security advisory.
A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser.
Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.
The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected.
No effective solution is currently available.
Provided and/or discovered by