Which of the following types of attack makes use of unfiltered user input as the format string
parameter in the printf() function of the C language?
format string vulnerabilities
None of the choices.
Format string attacks are a new class of vulnerabilities recently discovered. It can be used to crash
a program or to execute harmful code. The problem stems from the use of unfiltered user input as
the format string parameter in certain C functions that perform formatting, such as printf(). A
malicious user may use the %s and %x format tokens, among others, to print data from the stack
or possibly other locations in memory. One may also write
arbitrary data to arbitrary locations using the %n format token.