Hello, Does anyone know how to test for this? Someone said that they
get that error when they visit my website. I think is got to be
related to the pull down menu script but I havent seen anything like
this before.
On 20 Feb 2007 05:29:06 -0800, "joe"
>Hello, Does anyone know how to test for this? Someone said that they
>get that error when they visit my website. I think is got to be
>related to the pull down menu script but I havent seen anything like
>this before.
Since this is an old vulnerability that requires the use of a specially
crafted JPEG image, I would start by determining which JPEG image is
causing the problem. If a machine that has IPS protection attempts to open
a page on your web site, but does not receive some of the images, then you
should replace those images with something else and see if the problem goes
away. There are other ways to determine which JPEG is causing the problem,
but you will need to know how the CAN-2004-200 vulnerability works in order
look for the pattern within the JPEG file. You could try reading this
paper about this vulnerability (and vulnerabilities associated with JPEG
files) http://www.infosecwriters.com/text_resources/pdf/JPEG.pdf
On 20 Feb 2007, in the Usenet newsgroup comp.security.firewalls, in article
<1171978146.366798.55130@t69g2000cwt.googlegroups.com>, joe wrote:
>Hello, Does anyone know how to test for this? Someone said that they
>get that error when they visit my website. I think is got to be
>related to the pull down menu script but I havent seen anything like
>this before.
Web Results 1 - 10 of about 31 for CAN-2004-200. (0.31 seconds)
[PDF] JPEG Vulnerability: A day in the life of the JPEG Vulnerability
File Format: PDF/Adobe Acrobat - View as HTML
Your browser may not have a PDF reader available. Google recommends
visiting our text version of this document.
Buffer Overrun in JPEG Processing. CVE. CAN-2004-200.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0 200. BUGTRAQ.
20040914 ...
www.infosecwriters.com/text_resources/pdf/JPEG.pdf - Similar pages
You might also ask "Someone" what kind of web browser they're trying to
use, and what kind (if any) of "firewall".
Old guy
On Feb 20, 12:07 pm, Default User
> On 20 Feb 2007 05:29:06 -0800, "joe"
>
> >Hello, Does anyone know how to test for this? Someone said that they
> >get that error when they visit my website. I think is got to be
> >related to the pull down menu script but I havent seen anything like
> >this before.
>
> Since this is an old vulnerability that requires the use of a specially
> crafted JPEG image, I would start by determining which JPEG image is
> causing the problem. If a machine that has IPS protection attempts to open
> a page on your web site, but does not receive some of the images, then you
> should replace those images with something else and see if the problem goes
> away. There are other ways to determine which JPEG is causing the problem,
> but you will need to know how the CAN-2004-200 vulnerability works in order
> look for the pattern within the JPEG file. You could try reading this
> paper about this vulnerability (and vulnerabilities associated with JPEG
> files)http://www.infosecwriters.com/text_resources/pdf/JPEG. pdf
According to:
http://marc.theaimsgroup.com/?l=bugtraq&m=109524346729948&w= 2
Detection
------------------------
Detection could be accomplished by examining the JPEG image for the
following byte sequence:
0xFF 0xFE 0x00 0x00 or 0xFF 0xFE 0x00 0x01