Vulnerability Found In Skyrim, Fallout, Other Bethesda Games



wraggster
May 13th, 2013, 19:06
The author of this article goes over a format string vulnerability he found in The Elder Scrolls series (http://www.gironsec.com/blog/2013/05/exploit-in-skyrim/) starting with Morrowind and going all the way up to Skyrim. It's not something that will likely be exploited, but it's interesting that the vulnerability has lasted through a decade of games. 'Functions like printf() and its variants allow us to view and manipulate the program’s running stack frame by specifying certain format string characters. By passing %08x.%08x.%08x.%08x.%08x, we get 5 parameters from the stack and display them in an 8-digit padded hex format. The format string specifier ‘%s’ displays memory from an address that is supplied on the stack. Then there’s the %n format string specifier – the one that crashes applications because it writes addresses to the stack. Powerful stuff.'

http://games.slashdot.org/story/13/05/12/0327204/vulnerability-found-in-skyrim-fallout-other-bethesda-games
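
Added example, not part of the original post or the linked article: a C sketch of the defensive side of the printf() behaviour quoted above, with a check that counts the conversion specifiers an untrusted string would trigger and a formatter that keeps the format constant. The function names count_conversions and render_untrusted are hypothetical, and the sample input is the string from the quote.

```c
#include <stdio.h>
#include <string.h>

/* Count the conversion specifiers printf() would act on if s were used
 * as a format string. "%%" is a literal percent sign and consumes no
 * argument, so it is skipped. Any other '%' is counted. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;                 /* %x, %s, %n, ... or a dangling '%' */
    }
    return n;
}

/* Vulnerable pattern (shown only as a comment, not compiled):
 *     snprintf(out, n, untrusted);
 * Here the untrusted text is the format, so each specifier in it makes
 * printf() fetch an argument that was never passed.
 *
 * Hardened form: the format is a constant and the untrusted text is
 * only ever data for "%s". Returns the length snprintf() reports. */
int render_untrusted(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, "%s", untrusted);
}

int main(void)
{
    /* Constructed sample input: the string from the quoted passage. */
    const char *input = "%08x.%08x.%08x.%08x.%08x";
    char buf[64];

    render_untrusted(buf, sizeof buf, input);
    printf("specifiers found: %d\n", count_conversions(input));
    printf("rendered as data: %s\n", buf);
    return 0;
}
```

Building with -Wformat -Wformat-security (GCC or Clang) flags the vulnerable pattern at compile time, which catches it without any runtime check.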