This is precisely the point that almost everyone is missing
completely (but still clamoring "it works on X, it doesn't work on
Y"), and that Sapheriel pinpointed: the core problem lies in the
Windows .bmp implementation.
So, I wonder aloud, what is the purpose of publishing 'advisories'
that misattribute this flaw to IE  or Firefox or any of the other
hundreds or thousands of programs that use it and can be DoSed as a