This question comes from my experience with the following question: http://stackoverflow.com/questions/492748/new-responses-icon-on-so-crashes-ie7-closed
In that question, you will see the effort I put fourth in debugging this crash in IE, and in doing so, I can see the potential threat of exploitation and remote code execution.
So, being that I spent the time already, I was wondering if anyone knows all the steps and proper process/procedures one has to take to actually get a real security advisory published? I've never done it, and a couple quick searches didn't turn up anything on the subject.
It's been a week since I posted the question, so this exploit has mold growing on it already, but I still haven't seen it addressed yet, so the threat still exists.
If you have done this type of thing before, would you be willing to help someone out?