A format string exploit is possible where the user supplies the format string instead of the programmer.

For example, instead of:

printf("%s", some_user_input);

The lazy programmer elects to:

printf(some_user_input);

A format string exploit typically makes use of the %n conversion, which writes the number of bytes output so far into the int pointed to by the corresponding argument; field widths such as %100x let the attacker dial that count to a chosen value before the %n. Exploitation on 32-bit x86 is easy when the user-supplied format string is itself stored on the stack: printf pulls its variadic arguments from the stack, so the attacker can embed a target address in the string, step printf's argument pointer up to it with throwaway %x (or %p) conversions that consume the garbage stack values in between, and then have %n write to that address. The same %x conversions double as an information leak, since they print whatever stack contents they skip over. On x86-64 the first few variadic arguments are taken from registers rather than the stack, so more throwaway conversions are needed before the argument pointer reaches the attacker's string.
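The following is an added, self-contained C example (not code from the original page) showing the vulnerable and hardened call side by side, the mechanic that %n relies on, and a simple check for format directives in untrusted text. The helper name log_fmt and the sample inputs are assumptions made for the illustration; it deliberately does not perform an out-of-bounds %n write, since that is undefined behaviour and depends on the stack layout of the specific binary.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Illustrative example, not code from the page. log_fmt is shaped like
 * many real logging wrappers: the caller passes a format plus varargs.
 * The wrapper itself is fine; the bug appears when a caller hands it
 * attacker-controlled text as the format. */
static int log_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

static char scratch[128]; /* shared output buffer for the demo helpers */

/* Vulnerable: user text is interpreted as the format string, so any
 * %x, %s or %n the user types is honoured by vsnprintf. */
const char *log_unsafe(const char *user)
{
    log_fmt(scratch, sizeof scratch, user);
    return scratch;
}

/* Hardened: the format is a constant; user text is only a %s argument
 * and is copied verbatim, directives and all. */
const char *log_safe(const char *user)
{
    log_fmt(scratch, sizeof scratch, "%s", user);
    return scratch;
}

/* What %n actually does: store the number of bytes emitted so far into
 * the int pointed to by the matching argument. A wide padded field is
 * how an attacker dials that count to a chosen value before the %n.
 * Returns the value %n stored after "AAAA" plus a zero-padded field of
 * width `pad` (pad must be below 250 to fit the buffer). */
int bytes_before_n(int pad)
{
    char buf[256];
    int written = -1;
    snprintf(buf, sizeof buf, "AAAA%0*x%n", pad, 0, &written);
    return written;
}

/* Input-validation / detection helper: returns 1 if `s` contains a '%'
 * that starts a conversion (i.e. is not the literal escape "%%"). Useful
 * for flagging suspicious input in logs, not a substitute for "%s". */
int contains_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; } /* "%%" is a literal percent */
        return 1;
    }
    return 0;
}

int main(void)
{
    const char *attack = "%x%x%x%x%n"; /* constructed sample input */
    printf("safe   : %s\n", log_safe(attack));           /* echoes verbatim */
    printf("suspect: %d\n", contains_format_directive(attack));
    printf("%%n after 100-wide field: %d\n", bytes_before_n(100));
    /* log_unsafe(attack) is deliberately not called: the %n would write
     * through whatever happens to be in the argument slots. */
    return 0;
}
```

Compile with -Wformat -Wformat-security to see why wrappers like log_fmt hide the bug from the compiler: the warning only fires on direct calls to the printf family unless the wrapper is annotated with __attribute__((format(printf, 3, 4))).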