> This is precisely the point that almost everyone is missing > completely (but still clamoring "it works on X, it doesn't work on > Y"), and that Sapheriel pinpointed: the core problem lies in the > Windows .bmp implementation. > > So, I wonder aloud, what is the purpose of publishing 'advisories' > that misattribute this flaw to IE [1] or Firefox or any of the other > hundreds or thousands of programs that use it and can be DoSed as a > result?
Admittedly; but here's the question: if it's all the fault of Windows .bmp implementation, or the fact that it's about a gig of data, why are certain browsers (like mine) not vulnerable to it? I'm going to the same page as anyone else... -- [stlst] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
