A simple way of exploiting an error in a program might only crash the program. That is only a “denial of service” vulnerability. Sometimes hackers can carefully set up conditions so they can run their own code instead of crashing the program when they exploit a vulnerability. That gives them the same access as the program they exploited.

Nowadays some programs, like web browsers, run in a restricted environment called a sandbox. Then even though the hacker can run their own code, they only get to do things inside the sandbox. But there might be another vulnerability they could exploit that allows them to run their own code outside of a sandbox.

A hacker may need to exploit several vulnerabilities in a row to gain complete control of a computer.