Dictionary Home » Computer Definitions » Format-String Attacks

Format-String Attacks - technical definition

A new class of vulnerabilities discovered in June 2000. Prior to that, format-string attacks were believed to be harmless. The problem seems to be rooted in the use of unfiltered user input in the format string parameter in various C programming language’s functions that perform formatting—such as the printf() function format string. A cracker could, for example, use %s and %x format tokens to print from the stack or from other memory locations. Using the %n format token, crackers could insert carefully crafted code into the memory space of a running program and have it be executed. This software flaw has resulted in discovered vulnerabilities in more than 150 common tools.

See Also: Exploit; Programming Languages C, C++, Perl, and Java.

Farlex, Inc. The Free Dictionary: Format String Attacks. [Online, 2004.] Farlex, Inc. Website. http://encyclopedia.thefreedictionary.com/Format%20string%20attacks.
link/cite print suggestion box

More from YD

Browse entries near Format-String Attacks

FormMail

form spam

form view

formant information

format program

Formatted Objects

formatted text

format

forms software

formula

About YourDictionary Advertisers Contact Us Privacy Policy Terms of Use Bookmark Site Help Suggestion Box Tools
© 1996-2013 LoveToKnow, Corp. All Rights Reserved. Audio pronunciation provided by LoveToKnow, Corp.
About YourDictionary Advertisers Contact Us Privacy Policy Terms of Use Help
© 1996-2013 LoveToKnow, Corp. All Rights Reserved. Audio pronunciation provided by LoveToKnow, Corp.