This document discusses format string attacks and how they can be exploited. It provides an example (fsa.c) of a program with a format string vulnerability. By compiling the program without protections and disabling ASLR, an attacker can view the program stack using different format strings. This allows viewing memory at any location and overwriting arbitrary memory by exploiting the %n field. So a format string vulnerability can be used to overwrite return addresses and execute shellcode.