Format String Vulnerabilities 101

An introduction to format string vulnerabilities within the Windows Intel Architecture environment. During this presentation I will introduce the audience to the concepts of format strings and associated vulnerabilities. I will take the audience from the basics of what a format string is and how it’s used, through discovering and leveraging format string vulnerabilities. I will show how format string vulnerabilities can be used to read data from the process stack and arbitrary memory, and also the methods used to write data to arbitrary memory. Leveraging vulnerable format string functions, we will also discuss the basics of triggering various exceptions to gain control of the flow of execution within a vulnerable application. This presentation will include a number of live demonstrations.

Presented by