Today I've been playing with a format string bug on a software for Windows when I came across a special "glitch" in Microsoft's C Runtime library (MSVCR) version 10.

Seeing how the use of %n in a format string could essentially allow you to write any number in an arbitrary memory location, I decided to try it out. My first try...