PrepAway - Latest Free Exam Questions & Answers

Which of the following types of attack makes use of unf…

Which of the following types of attack makes use of unfiltered user input as the format string parameter in the
printf() function of the C language?

PrepAway - Latest Free Exam Questions & Answers

A.
buffer overflows

B.
format string vulnerabilities

C.
integer overflow

D.
code injection

E.
command injection

F.
None of the choices.

Explanation:
Format string attacks are a new class of vulnerabilities recently discovered. It can be used to crash a program
or to execute harmful code. The problem stems from the use of unfiltered user input as the format string
parameter in certain C functions that perform formatting, such as printf(). A malicious user may use the %s and
%x format tokens, among others, to print data from the stack or possibly other locations in memory. One may
also write
arbitrary data to arbitrary locations using the %n format token.


Leave a Reply