Pondus
20
adding some additional info to magnas comments
All malware are using so-called "security holes" in Windows OS to take advantage of some poorly / bad / large-scale written code in some legitimate application to launch their malicious code.
list of security holes here… click the orange arrow to the right, or google the CVE name fore more info. 
http://www.avast.com/exploit-protection.php