Format String Vulnerabilities The Impact of A Leaky Program

  • Webcast Aired Tuesday, 16 Feb 2021 10:30AM EST (16 Feb 2021 15:30 UTC)
  • Speaker: Michiel Lemmens

Format strings are a common way to print out text to a console in C or C++ programs. Just a harmless way to show some output, right? Well, under the right conditions they can leak out memory content to a savvy user. And as memory contains, well, all data a program uses, and many other control structures, this can lead to a problematic situation.

In this webcast, we will be discussing:

  • How format strings are used in programs
  • How their syntax can help create format string vulnerabilities
  • What information they provide to an attacker
  • How they can be exploited