Users who will click on anything in email or on the web. "This program installs a virus. Only an Idiot would deliberately install a virus on his own computer. Install Virus?" A friend of mine set up a piece of a web site that had prompts like that and little graphics of a checking account balance counting down to zero. Most visitors clicked all the way through the multi-stage warning to install the "virus", which never actually installed anything, just called them idiots for trying.
Email programs which will run active content in emails in the "preview pane" without a user being present.
Operating systems subject to remote code execution vulnerabilities caused by, often, buffer overflow problems.
Often, ignorant users, Microsoft Internet Explorer, Microsoft Outlook, and Microsoft Windows, not necessarily in that order. Don't take this to mean that non-Microsoft systems are invulnerable: they aren't.
I consider the fact that you can double-click on an attachment in an email and cause it to execute to be as serious a problem as having a self-destruct pedal between the gas and the brake of a car, even if it's labelled "Press here to explode entire car".
If he installs a teenager with his head glued to a cell phone (who will obey instructions from him) in your car, he *CAN* do that. It gets even worse when he can persuade YOUR kid or wife to do it for him with YOUR cell phone minutes. The same applies to higher-tech remote controls.
There's a lot of remote-access stuff that is on by default and makes life harder if you turn it off (see ports 137, 138, and 139).
If the vulnerability is in the network stack or in servers listening on network ports, it's possible to probe corner cases by either attempting the exploit or looking at a side effect of a fix (say, it changes the way TCP sequence numbers are generated). The probing is done by treating the software as a "black box" but suspecting its contents, for example, looking at the response to a particular type of malformed packet.
Some scanners can operate as simply as connecting to port 25 of some server, looking at the banner line that comes back, and checking the version of Sendmail against the known-vulnerable-version list.
I wish they were residing in Club Fed.
Software is complex and anticipating everything that can be thrown at it is hard. For example, suppose that at your house you have a phone and an eight-year-old child who sometimes answers it when others are busy. Are you *ABSOLUTELY SURE* that nothing a stranger says to the kid over the phone could cause your house to burn down?
Microsoft's Patch Tuesday is the second Tuesday of every month. Some people don't like the Microsoft prioritization of patches: a DRM patch that closed a hole allowing stripping protection came out in 3 days. Patches for the hole OPENED by MS06-042 and the silent data corruption caused under certain conditions by MS06-049 didn't get anywhere near that fast a fix.
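The banner-check style of scanner mentioned above, as an added illustration that is not part of the original post: it parses the Sendmail version out of an SMTP 220 greeting and compares it with a list of versions in which hypothetical advisories were fixed. The advisory names and the fixed-version numbers are made up for the example, the sample banners are constructed, and `grab_banner` is only meant for checking mail hosts you administer.

```python
import re
import socket

# Constructed, hypothetical advisory table for the example (not real advisories).
# Each entry maps an advisory id to the first Sendmail version that is assumed to
# contain the fix; any advertised version older than that is flagged.
KNOWN_FIXED_VERSIONS = {
    "example-advisory-A": (8, 12, 11),  # assumed fixed in 8.12.11
    "example-advisory-B": (8, 13, 6),   # assumed fixed in 8.13.6
}

# A 220 greeting such as "220 host ESMTP Sendmail 8.12.10/8.12.10; <date>".
# "220-" handles a multi-line greeting's first line.
BANNER_RE = re.compile(r"^220[ -].*?\bSendmail\s+(\d+(?:\.\d+)*)", re.IGNORECASE)


def parse_sendmail_version(banner):
    """Return the Sendmail version advertised in an SMTP banner as an int tuple,
    or None when the banner is not a Sendmail greeting."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def check_banner(banner):
    """Return the sorted advisory ids whose fixed version is newer than the
    advertised version, [] when none apply, or None for a non-Sendmail banner.
    Tuple comparison gives the usual numeric ordering (8.12.10 < 8.13.6)."""
    version = parse_sendmail_version(banner)
    if version is None:
        return None
    return sorted(adv for adv, fixed in KNOWN_FIXED_VERSIONS.items() if version < fixed)


def grab_banner(host, port=25, timeout=5.0):
    """Read the 220 greeting from a mail host you administer and return it as text."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        return sock.recv(512).decode("ascii", errors="replace")


# Constructed sample greetings standing in for what grab_banner() would return.
SAMPLE_BANNERS = [
    "220 mail.example.com ESMTP Sendmail 8.12.10/8.12.10; Mon, 1 Jan 2007 00:00:00 +0000",
    "220 smtp.example.net ESMTP Sendmail 8.13.8/8.13.8; Mon, 1 Jan 2007 00:00:00 +0000",
    "220 mx.example.org ESMTP Postfix",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        hits = check_banner(banner)
        if hits is None:
            print("not Sendmail:", banner)
        else:
            print(parse_sendmail_version(banner), "->", hits or "no listed advisories")
```

A banner check is a hint, not proof: distributions backport fixes without changing the version string, and the greeting text is configurable, so a clean or flagged result should be confirmed against the package actually installed on the host.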