Hal Burch and Robert C. Seacord explain format string vulnerabilities in programming languages. They also dispel the common misconception that only C and C++ are exposed to these exploits. The vulnerability usually arises from passing user input directly as the format string.
Programming languages provide various format functions, such as printf(), for formatting strings. The arguments to these functions usually include a format string that specifies how the output should be formatted, followed by the values to be substituted into it. If the programmer is unaware that a particular function takes a format string, he/she can end up passing user-supplied values in that argument instead of a fixed format string. The paper Exploiting Format String Vulnerabilities (pdf) describes in detail the various ways such attacks can be carried out.
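The two call patterns that distinguish a vulnerable call from a correct one, as an added C example (not code from the paper or the authors): the untrusted string used directly as the format string, the same call with a literal format, and a small check a defender can use to flag input that would be interpreted as directives. The function names and the sample input are constructed.

```c
#include <stdio.h>
#include <string.h>

/* 'user' stands for attacker-controlled text (e.g. a login name from a
 * request). Constructed example, not production code. */

/* Vulnerable pattern: the untrusted string *is* the format string, so any
 * '%' directives inside it are interpreted and read from whatever arguments
 * happen to be on the stack. Behaviour is undefined. */
int log_message_vulnerable(char *out, size_t outlen, const char *user)
{
    return snprintf(out, outlen, user);   /* -Wformat-security warns here */
}

/* Hardened pattern: the format string is a literal and the untrusted text is
 * supplied as an argument, so it is only ever copied, never interpreted. */
int log_message_safe(char *out, size_t outlen, const char *user)
{
    return snprintf(out, outlen, "%s", user);
}

/* Defensive check: count the conversions an input would trigger if it were
 * ever misused as a format string. "%%" is a literal percent sign and is
 * not counted. Useful as an input-validation or log-alerting heuristic. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s == '%') {
            if (s[1] == '%') { s++; continue; }  /* escaped percent */
            n++;
        }
    }
    return n;
}

int main(void)
{
    char buf[64];
    const char *probe = "guest%x%x%x%s";      /* constructed hostile input */
    log_message_safe(buf, sizeof buf, probe);
    printf("safe: %s (directives it carried: %d)\n",
           buf, count_format_directives(probe));
    /* log_message_vulnerable(buf, sizeof buf, probe) would interpret the four
     * directives above; with a benign string it merely copies the text. */
    log_message_vulnerable(buf, sizeof buf, "guest");
    printf("vulnerable with benign input: %s\n", buf);
    return 0;
}
```

Compiling with -Wformat-security (or -Wformat=2) makes the compiler flag the vulnerable call, which is the cheapest detection available for this bug class.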
The technique is conceptually similar to other injection techniques, such as SQL injection, where the user provides (injects) malicious input that the program does not handle correctly. Knowledge of these injection techniques can be used to build tools that automatically detect such vulnerabilities, or at least to define coding conventions that prevent them.
