PrepAway - Latest Free Exam Questions & Answers

Which of the following kinds of function are particularly vulnerable to format string attacks?


A. C functions that perform output formatting

B. C functions that perform integer computation

C. C functions that perform real number subtraction

D. VB functions that perform integer conversion

E. SQL functions that perform string conversion

F. SQL functions that perform text conversion

Explanation:
Format string attacks are a new class of vulnerabilities recently discovered. They can be used to crash a
program or to execute harmful code. The problem stems from the use of unfiltered user input as the
format string parameter in certain C functions that perform formatting, such as printf(). A malicious
user may use the %s and %x format tokens, among others, to print data from the stack or possibly
other locations in memory. One may also write arbitrary data to arbitrary locations using the %n
format token.
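
The unsafe call pattern described above beside its fix, as an added example that is not part of the original page. The helper names `count_directives` and `format_untrusted` and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (shown only as a comment, never compiled here):
 *     printf(untrusted);        // untrusted text IS the format string
 * GCC and Clang flag it with -Wformat-security. */

/* Hypothetical audit helper: count the conversion directives that a
 * printf-family function would interpret in `s`, and report whether any
 * of them is %n. "%%" is a literal percent sign and is not counted. */
int count_directives(const char *s, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        s++;
        if (*s == '%')
            continue;                      /* escaped percent */
        /* skip flags, width, precision, positional and length modifiers */
        while (*s && strchr("-+ #0123456789.*$hlqjzLt", *s))
            s++;
        if (*s == '\0')
            break;                         /* dangling '%' at end of input */
        count++;
        if (*s == 'n')
            *has_n = 1;
    }
    return count;
}

/* Hardened form: the format string is a constant and the untrusted text
 * is passed as a %s argument, so its tokens are copied, not interpreted. */
int format_untrusted(char *out, size_t outlen, const char *untrusted)
{
    return snprintf(out, outlen, "user said: %s", untrusted);
}

int main(void)
{
    const char *sample = "%x %x %s %n";    /* constructed sample input */
    char buf[64];
    int has_n;
    int n = count_directives(sample, &has_n);
    format_untrusted(buf, sizeof buf, sample);
    printf("directives=%d has_n=%d\n%s\n", n, has_n, buf);
    return 0;
}
```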

