On Sat, 2004-09-18 at 06:25, Matt wrote: > One last question, do the fffe 000(0|1) bytes > always have to follow each other for this exploit, or is this just a pure > example of the possibility of this exploit?
they have to follow each other fffe denotes the start of a jpeg comment field and the following two bytes indicate its length. The exploit is to specify a length of zero or one byte. Inside a jpeg file the sequence fffe _always_ indicates the start of a comment, therefore any jpeg file containing the sequence fffe0000 of fffe0001 is attempting the exploit. BMRB International http://www.bmrb.co.uk +44 (0)20 8566 5000 _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB International Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
