These vulnerabilities may allow an attacker to execute arbitrary code.

It's just you don't want a browser running arbitrary code on your computer.

I've a question about what happens after a bad guy has found a vulnerability in an application and gets that arbitrary code to run.

When the bad guy's arbitrary code finishes, does the application crash?

Is the bad guy smart enough to populate the arbitrary code with the correct return address so the application continues as normal?

These conditions often result in a crash, which could potentially be used by an attacker to run arbitrary code on a victim's computer.

And we presume that with enough effort at least some of these could be exploited to run arbitrary code.

"I am not in favor of these arbitrary codes," he said.

It can describe the content of the record or be an arbitrary code.

There's an overflow error which can be exploited to run arbitrary code.