Buffer Overflow Vulnerability attempt detected (CAN-2004-200)

Hello, does anyone know how to test for this? Someone said that they get that error when they visit my website. I think it's got to be related to the pull-down menu script, but I haven't seen anything like this before.


Since this is an old vulnerability that requires the use of a specially crafted JPEG image, I would start by determining which JPEG image is causing the problem. If a machine that has IPS protection attempts to open a page on your web site, but does not receive some of the images, then you should replace those images with something else and see if the problem goes away. There are other ways to determine which JPEG is causing the problem, but you will need to know how the CAN-2004-200 vulnerability works in order to look for the pattern within the JPEG file. You could try reading this paper about this vulnerability (and vulnerabilities associated with JPEG files)

Default User

Web Results 1 - 10 of about 31 for CAN-2004-200. (0.31 seconds)

[PDF] JPEG Vulnerability: A day in the life of the JPEG Vulnerability File Format: PDF/Adobe Acrobat - View as HTML Your browser may not have a PDF reader available. Google recommends visiting our text version of this document. Buffer Overrun in JPEG Processing. CVE. CAN-2004-200.
BUGTRAQ. 20040914 ...
- Similar pages

You might also ask "Someone" what kind of web browser they're trying to use, and what kind (if any) of "firewall".

Old guy

Moe Trin

According to:

formatting link


Detection could be accomplished by examining the JPEG image for the following byte sequence:

0xFF 0xFE 0x00 0x00 or 0xFF 0xFE 0x00 0x01
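
The check described in the last post, written as an added example that is not part of the thread: `raw_hits` searches a file for the two quoted byte sequences, and `bad_comment_segments` walks the JPEG marker segments so that only an actual comment (COM, `FF FE`) segment whose length field is below 2 is reported. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# Byte sequences quoted in the thread: a COM marker (FF FE) whose
# 2-byte big-endian length field is 0 or 1.
SIGNATURES = (b"\xff\xfe\x00\x00", b"\xff\xfe\x00\x01")
STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM, RST0-7: no length field

def raw_hits(data: bytes) -> list[int]:
    """Offsets of every occurrence of either sequence, anywhere in the file."""
    hits = []
    for sig in SIGNATURES:
        pos = data.find(sig)
        while pos != -1:
            hits.append(pos)
            pos = data.find(sig, pos + 1)
    return sorted(hits)

def bad_comment_segments(data: bytes) -> list[int]:
    """Walk the marker segments from SOI and return offsets of COM markers
    whose length is below 2 (the field counts its own two bytes)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    flagged, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            break                      # lost sync; stop rather than guess
        marker = data[pos + 1]
        if marker == 0xFF:             # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        if marker in (0xD9, 0xDA):     # EOI or start of scan data
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if marker == 0xFE and length < 2:
            flagged.append(pos)
        if length < 2:
            break                      # malformed length: cannot advance safely
        pos += 2 + length
    return flagged

# Constructed samples (not real images): SOI, one segment, EOI.
# EMBEDDED carries the sequence inside an APP1 payload, not as a COM segment.
CLEAN = b"\xff\xd8" + b"\xff\xfe\x00\x04hi" + b"\xff\xd9"
SUSPECT = b"\xff\xd8" + b"\xff\xfe\x00\x01" + b"\xff\xd9"
EMBEDDED = b"\xff\xd8" + b"\xff\xe1\x00\x06\xff\xfe\x00\x00" + b"\xff\xd9"
```

On `EMBEDDED` the raw search reports a hit while the segment walk does not, which is the false positive to expect from matching the four bytes without parsing the file.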