Wednesday, December 12, 2007

User supplied format string vulnerability

This vulnerability type is less frequent than buffer overflows but more entertaining to exploit. There are probably more articles about how to exploit format string bugs than there are real format string vulnerabilities in programs. The best of those articles is the scut/team-teso paper.

  • Exploiting Format String Vulnerabilities - scut@team-teso, Sep 2001, V1.2 (PDF)
