Programmer's Ultimate Security DeskRef

Prototype: int _cprintf( const char *format [, argument] ... )
Summary: This function formats and outputs a string to the console.
Description: Using the input string "format" this function will output a string to the console. It uses the inputs to define the format of the output string and the content. The format (and content) is held in the constant string "format", and the argument (if any) provides values to variables and additional content. The formatting is similar to that of printf. The function returns the number of characters printed to the console.
Risk: This function is potentially vulnerable to a format string attack where an attacker could cause the application to crash unexpected or execute arbitrary code. Format string bugs were discovered in 2000 and the problem is typically spawned from user input that is not properly filtered. Both Microsoft .Net and SPI Dynamics to name two have secure objects that can be implemented to check strings and user input gained from human sources within applications to protect against input-directed vulnerabilities. It is critical that you verify the inputted data have only proper and expected characters in addition to ensuring that your function is properly called. For example, the functions should always utilize their parameters such as printf("%s", malicious_string) instead of printf(malicious_string).
Note: At time of publication, this function was designed for Windows compatibility.
Additional Resources: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vccore98/html/_crt__cprintf.asp
Impact: Medium
Cross References: _cscanf, fprintf, printf, sprintf, vfprint