A format string exploit is another technique you can use to gain control of a privileged program. Like buffer overflow exploits, format string exploits also depend on programming mistakes that may not appear to have an obvious impact on security. Luckily for programmers, once the technique is known, it's fairly easy to spot format string vulnerabilities and eliminate them. Although format string vulnerabilities aren't very common anymore, the following techniques can also be used in other situations.
You should be fairly familiar with basic format strings by now. They have been used extensively with functions like printf() in previous programs. A function that uses format strings, such as printf(), simply evaluates ...