As any stroll down the latest Metasploit exploit list will tell you, attacking client technologies is very hot right now, including browsers, mail readers, audio players, etc.  Here is an interesting article from Brian Krebs about a huge area likely to be very ripe with such exploits: ActiveX controls installed by third parties.  Krebs summarizes well the research of Richard M. Smith, who claims to have found a cornucopia of buffer overflow flaws in widely deployed ActiveX controls.  Handler extraordinaire Agent Tom Liston points out the possibility of using a known flaw in an ActiveX control to really help target a given population, such as a given ISP's customers or perhaps a given corporation or government known to use a given ActiveX control.