[VulnWatch] RE: [VulnDiscuss] new IE bug (confirmed on ALL windows)

From: Steve Manzuik (steve@private)
Date: Tue Nov 01 2005 - 11:18:23 PST

I noticed that you made no mention of informing or attempting to work with
the vendor on this issue.  So I have forwarded this message to
secure@private which is the email address one would use if they
choose to work with a vendor.

VulnWatch has never attempted to impose any type of disclosure policy on
anyone that uses this list.  That being said, I do want to go on the
record of stating that much like the companies that will purchase your
bugs, VulnWatch will gladly help any researcher or casual IT Security
enthusiast with the researching and disclosure process of any potential
security vulnerability or bug.  Unlike the companies that purchase your
bugs, VulnWatch is a free resource for the IT Security Community so we
offer no payment other than you get full credit for the find -- unless you
wish to remain anonymous.  Note that we have offered this service long
before anyone has offered to pay you "beer money" for a bug.

As a refresher, here is how it works.

1.)  You find a bug or potential bug but want help researching it.
          - email mod at vulnwatch.org we will help you research the
help you work with the vendor and insure that you get full credit.  Or, if
you prefer to remain anonymous you can do that as well.

2.)  You find a bug and need help working with the vendor
          - email mod at vulnwatch.org and we will help you with that.

Or, if you prefer, just drop your zero day with no vendor notification to
vulnwatch@private  Either way we don't lose sleep but for the
record I think all of the moderators of VulnWatch prefer a more
responsible disclosure.

Not flaming or critisizing you or anyone -- I just wanted to offer up the
brains at VulnWatch to anyone that may need future help.


Steve Manzuik
Moderator - VulnWatch.Org

-----------------------------Original message-------------------

From: ad@private [mailto:ad@private]
Sent: Tue 11/1/2005 10:01 AM
To: vulnwatch@private
Subject: [VulnDiscuss] new IE bug (confirmed on ALL windows)

I think I have found by chance this weekend a security bug,while browsing
the website news, within iexplorer on all windows versions.

I haven't enough knowledge (and don't want) into web browsers security to
conduct a full investigation, at least,

I took the source of the webpage and with a simple split method on the
code, it's now reduce to some line of html code and a .css file to trigger
the bug.

And by the way the crash looks like to happen each time now instead of
sometimes while browsing the affected website.

http://class101.org/IEcrash.htm (ONLINE test)

http://class101.org/IEcrash.rar (OFFLINE package)

my tests(updated to 01 Nov. 2005):

Windows NT4 Workstation  SP6a ENGLISH 32-bit (IE32-6.0.2800.1106) -CRASH-

Windows NT4 Server       SP6a ENGLISH 32-bit (IE32-6.0.2800.1106) -CRASH-

Windows 2k  Workstation  SP4  ENGLISH 32-bit (IE32-6.0.2800.1106) -CRASH-

Windows 2k  Server       SP4  ENGLISH 32-bit (IE32-6.0.2800.1106) -CRASH-

Windows XP  Professional SP1  ENGLISH 64-bit (IE32-6.0.3790.1830) -CRASH-

Windows XP  Professional SP1  ENGLISH 64-bit (IE64-6.0.3790.1830) -CRASH-

Windows XP  Professional SP2  ENGLISH 32-bit (IE32-6.0.2900.2180) -CRASH-

Windows XP  Professional SP1  ENGLISH 32-bit (IE32-6.0.2900.1106) -CRASH-

Windows 2k3 Server Std   SP1  ENGLISH 32-bit (IE32-6.0.3790.1830) -CRASH-
(silently exiting, no crash box...)

This archive was generated by hypermail 2.1.3 : Tue Nov 01 2005 - 11:20:09 PST