It's called an exploit. For instance, a recent security risk was a possible buffer overflow in the Windows HTML converter. A specially crafted e-mail could exploit this bug to run executable code on the user's computer, which could include a call to an externally visible function in another program. The part that really throws doubt on the claim is that it effects both Macs and PCs.