Uncontrolled Format String

Uncontrolled format string is a type of software vulnerability, discovered around 1999, that can be used in security exploits. Previously thought harmless, format string exploits can be used to crash a program or to execute harmful code. The problem stems from the use of unchecked user input as the format string parameter in certain C functions that perform formatting, such as printf. A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token, which commands printf and similar functions to write the number of bytes formatted to an address stored on the stack.

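The vulnerable pattern described above beside its hardened form, as an added example that is not from the original page: the unsafe function hands caller-supplied text to snprintf as the format, the safe one passes it only as a "%s" argument, and escape_percent is a defence-in-depth helper for code that must forward text to an API that will treat it as a format. Function names and the sample input are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* VULNERABLE: user-controlled text is used as the format string, so any
 * %x / %s / %n it contains is interpreted by the formatting code.
 * GCC/Clang flag this call with -Wformat -Wformat-security. */
void log_line_unsafe(char *out, size_t out_len, const char *msg)
{
    snprintf(out, out_len, msg);   /* format comes from data, not a literal */
}

/* SAFE: the format string is a compile-time literal; user text is only
 * ever an argument, so "%x" in msg is copied verbatim. */
void log_line_safe(char *out, size_t out_len, const char *msg)
{
    snprintf(out, out_len, "%s", msg);
}

/* Defence in depth when text must be forwarded to a function that will
 * treat it as a format: double every '%' so each one prints literally.
 * Returns a malloc'd string (NULL on allocation failure); caller frees. */
char *escape_percent(const char *s)
{
    size_t extra = 0;
    for (const char *p = s; *p; p++)
        if (*p == '%') extra++;
    char *r = malloc(strlen(s) + extra + 1);
    if (!r) return NULL;
    char *q = r;
    for (const char *p = s; *p; p++) {
        *q++ = *p;
        if (*p == '%') *q++ = '%';     /* "%x" becomes "%%x" */
    }
    *q = '\0';
    return r;
}

int main(void)
{
    char buf[64];
    const char *user = "progress 50%x done";   /* constructed sample input */
    log_line_safe(buf, sizeof buf, user);
    printf("safe:    %s\n", buf);              /* text appears unchanged */
    char *esc = escape_percent(user);
    if (esc) { printf("escaped: %s\n", esc); free(esc); }
    return 0;
}
```

Compile with `-Wall -Wformat -Werror=format-security` and the unsafe function fails the build, which is the cheapest detection for this bug class.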
