Arbitrary code execution

In computer security, Arbitrary Code Execution is an exploit that allows executing code without permission. A good example are cross-site scripting (XSS) attacks which inject client-side scripts into a webpage such as the self-retweeting tweet on TweetDeck.

On June 11, 2014, user @derGeruhn tweeted

<script class="xss">$('.xss').parents().eq(1).find('a).eq(1).click();$('[data-action=retweet]').click();alert('XSS in Tweetdeck')</script>♥

followed by a heart. TweetDeck displayed the tweet without any precautions, so the script ran and what it did was retweet the tweet. For that reason, it only worked for TweetDeck users and the code was only showed and executed for them. What Twitter users saw was the heart. It got 83 thousand retweets before it was fixed.