Format Strings
Stems from passing an untrusted buffer as the format string to printf-like functions.
Easy to find during an audit, easy to fix.
Easy to find in the binary, easy to exploit.
- A format string vulnerability that echoes the result to the attacker is like giving the attacker a debugger into the application.
- Arbitrary code execution exploitation is relatively easy.
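
The pattern and its fix, as an added example that is not from the original slides; the function names `log_vulnerable`, `log_fixed` and `count_conversions` and the sample inputs are constructed for illustration. The input passed to the vulnerable call contains only `%%`, which consumes no arguments, so the difference between interpreted and literal text shows up without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Warnings silenced only so the "before" code builds under -Werror;
   real builds should keep -Wformat -Wformat-security enabled. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* BEFORE: untrusted text is the format string, so the printf family
   interprets every '%' sequence inside it. */
int log_vulnerable(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, untrusted);
}
#pragma GCC diagnostic pop

/* AFTER: constant format string; untrusted text is only an argument. */
int log_fixed(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, "%s", untrusted);
}

/* Audit aid: count '%' sequences other than the literal "%%".
   A non-zero count on user-supplied text reaching a format
   parameter is worth flagging in review or in logs. */
size_t count_conversions(const char *s)
{
    size_t hits = 0;
    while (*s) {
        if (s[0] == '%' && s[1] == '%') { s += 2; continue; }
        if (s[0] == '%') hits++;
        s++;
    }
    return hits;
}

int main(void)
{
    const char *input = "load 100%% done";   /* constructed sample input */
    char before[64], after[64];

    log_vulnerable(before, sizeof before, input);
    log_fixed(after, sizeof after, input);
    printf("interpreted: %s\nliteral:     %s\n", before, after);
    printf("flagged conversions: %zu\n", count_conversions("user=%x.%x"));
    return 0;
}
```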