Closed
Contrary to what is written in the MS-CFB specifications, it seems the byte order can be either little endian or big endian.
Excerpts from MS-CFB:
"In a compound file, all integer fields, including Unicode characters that are encoded in UTF-16, MUST be stored in little-endian byte order."
In the header structure: "Byte Order (2 bytes): This field MUST be set to 0xFFFE. This field is a byte order mark for all integer fields, specifying little-endian byte order."
Some samples, such as the OLE object embedded into the malicious RTF file with hash fe2e5d0543b4c8769e401ec216d78a5a3547dfd426fd47e097df04a5f7d6d206, have a different byte order.
TODO: check if the byte order is effectively big endian, or if only the header field is wrongly set.
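One way to settle the TODO in the report above, added here as an example (it is not code from the issue author or from the project): read the header fields whose legal values MS-CFB pins down (major version, sector shift, mini sector shift, mini stream cutoff) in both byte orders and see which interpretation yields a consistent header. If the fields only make sense as little-endian while the byte-order mark bytes are FF FE, the file has a mis-set header field; if they only make sense as big-endian, the file really is big-endian. Field offsets are the ones from the MS-CFB header structure; the sample headers are constructed in the script for testing and are not the hash-named sample from the issue.

```python
import struct

# Field offsets in the 512-byte MS-CFB header (from the MS-CFB header structure).
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
HEADER_SIZE = 512
OFF_MAJOR_VERSION = 0x1A
OFF_BYTE_ORDER = 0x1C
OFF_SECTOR_SHIFT = 0x1E
OFF_MINI_SECTOR_SHIFT = 0x20
OFF_MINI_STREAM_CUTOFF = 0x38

# Bytes found on disk at 0x1C: the spec value 0xFFFE serialized little-endian is FE FF;
# the same value serialized big-endian is FF FE.
BOM_BY_BYTES = {b"\xfe\xff": "little", b"\xff\xfe": "big"}


def _header_consistency(header, endian):
    """Count header fields whose decoded value is legal under MS-CFB when read with `endian`."""
    u16 = lambda off: struct.unpack_from(endian + "H", header, off)[0]
    u32 = lambda off: struct.unpack_from(endian + "I", header, off)[0]
    major = u16(OFF_MAJOR_VERSION)
    checks = (
        major in (3, 4),
        # sector shift must be 9 for version 3 and 12 for version 4
        (major, u16(OFF_SECTOR_SHIFT)) in ((3, 9), (4, 12)),
        u16(OFF_MINI_SECTOR_SHIFT) == 6,
        u32(OFF_MINI_STREAM_CUTOFF) == 0x1000,
    )
    return sum(checks)


def classify_byte_order(header):
    """Return what the byte-order mark claims and which byte order the other fields actually use."""
    if len(header) < HEADER_SIZE or header[:8] != CFB_MAGIC:
        raise ValueError("not a CFB header")
    claimed = BOM_BY_BYTES.get(bytes(header[OFF_BYTE_ORDER:OFF_BYTE_ORDER + 2]), "invalid")
    le_score = _header_consistency(header, "<")
    be_score = _header_consistency(header, ">")
    if le_score > be_score:
        actual = "little"
    elif be_score > le_score:
        actual = "big"
    else:
        actual = "unknown"
    return {
        "claimed": claimed,
        "actual": actual,
        # True when the fields are consistent in one byte order but the BOM says otherwise
        "bom_only_wrong": actual != "unknown" and claimed != actual,
    }


def classify_file(path):
    """Classify a CFB file on disk (e.g. an OLE object extracted from an RTF)."""
    with open(path, "rb") as f:
        return classify_byte_order(f.read(HEADER_SIZE))


def build_header(endian="<", bom=b"\xfe\xff"):
    """Constructed minimal CFB v3 header for testing; not taken from any real sample."""
    hdr = bytearray(HEADER_SIZE)
    hdr[0:8] = CFB_MAGIC
    struct.pack_into(endian + "H", hdr, 0x18, 0x003E)        # minor version
    struct.pack_into(endian + "H", hdr, OFF_MAJOR_VERSION, 3)
    hdr[OFF_BYTE_ORDER:OFF_BYTE_ORDER + 2] = bom
    struct.pack_into(endian + "H", hdr, OFF_SECTOR_SHIFT, 9)
    struct.pack_into(endian + "H", hdr, OFF_MINI_SECTOR_SHIFT, 6)
    struct.pack_into(endian + "I", hdr, 0x2C, 1)             # number of FAT sectors
    struct.pack_into(endian + "I", hdr, 0x30, 1)             # first directory sector
    struct.pack_into(endian + "I", hdr, OFF_MINI_STREAM_CUTOFF, 0x1000)
    struct.pack_into(endian + "I", hdr, 0x3C, 0xFFFFFFFE)    # first mini FAT sector: ENDOFCHAIN
    struct.pack_into(endian + "I", hdr, 0x44, 0xFFFFFFFE)    # first DIFAT sector: ENDOFCHAIN
    struct.pack_into(endian + "I", hdr, 0x4C, 0)             # DIFAT[0]: FAT lives in sector 0
    for i in range(1, 109):
        struct.pack_into(endian + "I", hdr, 0x4C + 4 * i, 0xFFFFFFFF)  # FREESECT
    return bytes(hdr)


if __name__ == "__main__":
    for name, hdr in (
        ("spec-conforming LE", build_header("<", b"\xfe\xff")),
        ("LE fields, BOM says BE", build_header("<", b"\xff\xfe")),
        ("true BE", build_header(">", b"\xff\xfe")),
    ):
        print(name, classify_byte_order(hdr))
```

Run `classify_file()` on the extracted OLE object: a result of `claimed == "big"` with `actual == "little"` means only the byte-order field is wrong and the rest of the file can be parsed as little-endian; `actual == "big"` means the whole header (and presumably the FAT, directory and stream data) needs a big-endian reader.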