Arbitrary code execution

In computer systems, arbitrary code execution refers to an attacker's ability to execute any commands of the attacker's choice on a target machine or in a target process. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. Most of these vulnerabilities allow the execution of machine code and most exploits therefore inject and execute shellcode to give the attacker an easy way to manually run arbitrary commands. The ability to trigger arbitrary code execution from one machine on another machine is often referred to as remote code execution.

It is the worst effect a bug can have because it allows an attacker to completely take over the vulnerable process. From there the attacker can potentially take complete control over the machine the process is [running on. Arbitrary code execution vulnerabilities are commonly exploited by malware to run on a computer without the owner's knowledge or consent.