Procedure for reporting IE crash bugs

[BillyRayPreachersSon]

Hi,

I'm just wondering if anyone knows what the correct procedure is to report IE problems.

At work, we've found a bug that will cause IE 5.0, 5.5, and 6.0 to crash dead, and take the CPU time up to 100%. It involves no scripting whatsoever, replying purely on HTML and CSS.

We do not know if it is possible to exploit this crash, but would like to report it anyway.

I can't find an obvious link for potentially serious issues on the MS website, and have had little joy reporting bugs to them before. Would using something like SecurityFocus.org be a better bet?

Thanks,
Dan


[tt]Dan's Page [blue]@[/blue] Code Couch

http://www.codecouch.com/dan/

[/tt]

 

[Foamcow]

At work, we've found a bug that will cause IE 5.0, 5.5, and 6.0 to crash dead, and take the CPU time up to 100%. It involves no scripting whatsoever, replying purely on HTML and CSS.

Would that be clicking on the big blue 'e' in the Start Menu?

;-)

flame on!

Foamcow Heavy Industries - Web design and ranting
Target Marketing Communications - Advertising, Direct Marketing and Public Relations
I wonder what possesses people to make those animated gifs. Do you just get up in the morning and think, "You know what web design r

 

[BillyRayPreachersSon]

Heheh.. no... and for obvious reasons, I don't want to post the code to show the issue ;o)

Imagine having all scripting disabled, but still be guaranteed to bring IE to a grinding halt - pretty shocking, really.

I contacted securityfocus (well - emailed their webmaster, as they have no "report an exploit" link), but have heard nothing back.

I can only assume that no-one cares if there is a new potential problem out there. Lucky I'm not an "e-terrorist" - I'd have given up and released it by now!

Dan


[tt]Dan's Page [blue]@[/blue] Code Couch

http://www.codecouch.com/dan/

[/tt]

 

[Xaqte]

Have you tried it on a XP SP2 workstation?

As far as reporting it, try this:

http://support.microsoft.com/gp/contactbug

Let us know your results!

X

 

[Foamcow]

Imagine having all scripting disabled, but still be guaranteed to bring IE to a grinding halt - pretty shocking, really.

I don't see your point. ;-)

Seriously now though - can you mail it to me puretty purlease?

Foamcow Heavy Industries - Web design and ranting
Target Marketing Communications - Advertising, Direct Marketing and Public Relations
I wonder what possesses people to make those animated gifs. Do you just get up in the morning and think, "You know what web design r

 

[BillyRayPreachersSon]

Just in case anyone else has a similar query, here is the URL to visit for security and vulnerability information:

http://www.microsoft.com/security/msrc/default.mspx

Dan


[tt]Dan's Page [blue]@[/blue] Code Couch

http://www.codecouch.com/dan/

[/tt]

 

[jrbarnett]

You can try here:

http://www.microsoft.com/worldwide/phone/contact.aspx?country=United Kingdom

John

 

[BillyRayPreachersSon]

Well - after a few emails back and forth, they have decided that because I cannot show how it can be exploited, then it is not considered to be an exploit. This, despite the fact that it will bring IE and CPU to a halt on any box with scripting disabled.

Maybe I should post the code, so that every "l33t hax0r" under the sun can work out how to exploit it, then they might do something to fix it.

I never thought I'd see this "ostrich approach" from such a big corporate.

What can you do?!


[tt]Dan's Page [blue]@[/blue] Code Couch

http://www.codecouch.com/dan/

[/tt]