Whitepaper discussing the remote exploitation of format string bugs.
You can download it from the following link: https://packetstormsecurity.com/files/download/58465/exploit_remote_fmtstring.txt
Source: https://packetstormsecurity.com/files/58465/exploit_remote_fmtstring.txt.html