A buffer-overrun bug can occur when an application reads a text string into a buffer without checking the string's length. An attacker can exploit this with a carefully crafted string that includes executable code. When the string is read, it overwrites program memory, and the program ends up executing code that was never part of the executable.
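The length check that the paragraph says is missing, shown as an added example (not code from the original page): the unchecked copy sits beside a version that rejects input too long for the buffer. The function names, the 16-byte buffer size and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 16 /* constructed size, chosen for this example */

/* Overrun pattern: strcpy copies until the NUL terminator and never looks
 * at the destination size, so a longer src writes past the end of dst. */
void copy_name_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Length-aware version: scan at most dst_size bytes of src for the
 * terminator and refuse the input if it does not fit.
 * Returns 0 on success, -1 if the input is rejected. */
int copy_name_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len == dst_size) {   /* no terminator within the space available */
        dst[0] = '\0';       /* leave dst as a valid empty string */
        return -1;
    }
    memcpy(dst, src, len + 1); /* len + 1 <= dst_size, terminator included */
    return 0;
}

int main(void)
{
    char name[NAME_BUF_SIZE];
    /* constructed sample inputs: one that fits, one that does not */
    const char *inputs[] = { "alice", "this-input-is-longer-than-the-buffer" };

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (copy_name_checked(name, sizeof name, inputs[i]) == 0)
            printf("accepted: %s\n", name);
        else
            printf("rejected: %zu bytes do not fit in %zu\n",
                   strlen(inputs[i]), sizeof name);
    }
    return 0;
}
```

Rejecting oversize input, rather than silently truncating it, keeps the caller from acting on a partial string.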