Prev Question
Next Question

Which of the following kinds of function are particularly vulnerable to format string attacks?

A.
C functions that perform output formatting

B.
C functions that perform integer computation

C.
C functions that perform real number subtraction

D.
VB functions that perform integer conversion

E.
SQL functions that perform string conversion

F.
SQL functions that perform text conversion

Explanation:
Format string attacks are a new class of vulnerabilities recently discovered. It can be used to crash
a program or to execute harmful code. The problem stems from the use of unfiltered user input as
the format string parameter in certain C functions that perform formatting, such as printf(). A
malicious user may use the %s and %x format tokens, among others, to print data from the stack
or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using
the %n format token.

Prev Question
Next Question
Tagged:

Leave a Reply

Your email address will not be published. Required fields are marked *