[原文]Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size.
[CNNVD]Microsoft Internet Explorer 根据写入BMP的文件的内存大小，而不是实际BMP文件大小分配内存的漏洞(CNNVD-200404-011)
Microsoft Internet Explorer 5.5和6.0版本根据写入BMP文件的内存大小，而不是实际BMP文件大小分配内存，远程攻击者借助一个有大内存的小BMP文件导致服务拒绝（内存消耗）。
Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered when a crafted bitmap image file is loaded in Internet Explorer. This flaw exist because Internet Explorer checks the image size written in the bitmap and not the actual file size to allocate the necessary memory. It is possible to set a very large number (FFFFFFFF^2) for the bitmap file size that may consume all the available memory.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue. The vendor reportedly plans to issue a fix as part of a subsequent Service Pack release.