Which of the following kinds of function are particularly vulnerable to format string attacks?
A.
C functions that perform output formatting
B.
C functions that perform integer computation
C.
C functions that perform real number subtraction
D.
VB functions that perform integer conversion
E.
SQL functions that perform string conversion
F.
SQL functions that perform text conversion
Explanation:
Format string attacks are a new class of vulnerabilities recently discovered. It can be used to crash a
program or to execute harmful code. The problem stems from the use of unfiltered user input as the
format string parameter in certain C functions that perform formatting, such as printf (). A malicious
user may use the %s and %x format tokens, among others, to print data from the stack or possibly
other locations in memory. One may also write arbitrary data to arbitrary locations using the %n
format token.