A format string exploit is possible where the user supplies to format string instead of the programmer.
For example, instead of:
printf("%s", some_user_input);The lazy programmer elects to:
printf(some_user_input);A format string exploit typically makes use of modifiers such as %n to modify locations in memory. Exploitation on x86 is easy when the user-supplied format string is stored on the stack and can therefore be used as arguments to printf (have printf ignore garbage stack values with %x).